Does this skill help with compliance mapping?

Yes, it is mapped to multiple frameworks including NIST CSF 2.0, NIST AI RMF, and MITRE ATT&CK to help meet regulatory requirements.

What version of Wazuh is supported by this skill?

This skill is optimized for Wazuh Manager 4.x and higher with the REST API enabled.

Can I test my custom detection rules before deploying them?

Yes, the skill includes steps to use the /logtest endpoint, allowing you to validate decoder and rule logic against sample logs.

What dependencies are needed for the API interaction?

The skill requires Python 3.9+ and the 'requests' library to communicate with the Wazuh REST API.

How does the skill handle authentication with the Wazuh Manager?

The skill facilitates JWT authentication via the /security/user/authenticate endpoint using your provided API credentials.

Wazuh Endpoint Detection Implementation

Name: Wazuh Endpoint Detection Implementation
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Automates the deployment, configuration, and management of Wazuh SIEM/XDR for comprehensive endpoint security monitoring and incident response.

This skill streamlines the integration of Wazuh into security operations by providing automated agent management, custom XML rule and decoder creation, and API-driven alert querying. It is designed for security engineers and SOC analysts who need to implement scalable endpoint detection, validate detection logic via logtest endpoints, and ensure their security infrastructure aligns with NIST and MITRE frameworks. By leveraging the Wazuh REST API, it enables seamless orchestration of security controls and rapid response to detected threats.

Key Features

01Custom XML decoder and rule generation for domain-specific threat detection

02Mapping of security controls to NIST CSF 2.0 and NIST AI RMF frameworks

03Real-time alert querying and filtering by severity, agent, or rule ID

04Automated agent lifecycle management via Wazuh REST API

05Rule logic validation using integrated logtest endpoint testing

064,121 GitHub stars

Use Cases

01Automating incident response workflows by programmatically retrieving security telemetry

02Developing and testing custom detection rules for organization-specific security threats

03Scaling endpoint monitoring and agent deployment across distributed enterprise environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-endpoint-detection-with-wazuh

For use in Claude.ai and ChatGPT

Key Features

01Custom XML decoder and rule generation for domain-specific threat detection

02Mapping of security controls to NIST CSF 2.0 and NIST AI RMF frameworks

03Real-time alert querying and filtering by severity, agent, or rule ID

04Automated agent lifecycle management via Wazuh REST API

05Rule logic validation using integrated logtest endpoint testing

064,121 GitHub stars

Use Cases

01Automating incident response workflows by programmatically retrieving security telemetry

02Developing and testing custom detection rules for organization-specific security threats

03Scaling endpoint monitoring and agent deployment across distributed enterprise environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-endpoint-detection-with-wazuh

For use in Claude.ai and ChatGPT