Implementasi Prototipe SIEM Berbasis Wazuh pada Website dengan Pengujian FIM dan Threat Hunting (Implementation of a Wazuh-Based SIEM Prototype on a Website with FIM and Threat Hunting Testing)
Authors: Hidayasari, Nurmi; Mansur; Kasmawi; Efendi, Zuliar
JITSI: Jurnal Ilmiah Teknologi Sistem Informasi Vol 6 No 4 (2025)
Publisher : SOTVI - Society of Visual Informatics

DOI: 10.62527/jitsi.6.4.523

Abstract

This study implements a Wazuh-based Security Information and Event Management (SIEM) prototype to enhance security monitoring for a web application. The architecture uses two VPS instances: a web server as the log source equipped with a Wazuh Agent, and a monitoring server running the Wazuh Manager and Dashboard for event analysis and visualization. The evaluation combines threat hunting and File Integrity Monitoring (FIM) using several test scenarios: OWASP ZAP scanning, XSS, SQL injection (login-form testing and automated sqlmap attacks), and SSH brute force using hydra. The results show that Wazuh successfully detects XSS via rule 31105 (level 6) and sqlmap-based SQL injection via rule 31106 (level 6) because the attack patterns are clearly recorded in the web access logs. SSH brute force is strongly detected by rule 5763 (level 10), indicating repeated failed login attempts. In addition, FIM records file changes such as added and modified files (e.g., rules 554/550); however, it may generate noise when monitoring dynamic directories. The SQL injection attempt through the login form does not produce a specific SQL injection alert, suggesting limitations in log visibility/format and the need for decoder/ruleset tuning. Overall, Wazuh is effective for log-based security monitoring, while detection quality depends on log completeness, rule configuration, and FIM scope.
Wazuh-Based Security Monitoring for Public Service Web Systems: Detection Effectiveness, Alert Latency, and Resource Overhead
Authors: Mansur; Nurmi Hidayasari; Kasmawi; Zuliar Efendi
Journal of Embedded Systems, Security and Intelligent Systems Vol 7 No 2 (2026): June 2026
Publisher : Program Studi Teknik Komputer

DOI: 10.59562/jessi.v7i2.2636

Abstract

Purpose – This study evaluates the effectiveness of Wazuh-based security monitoring in detecting cyber threats in public service web systems, particularly XSS, SQL Injection, SSH brute-force attacks, and file integrity violations.

Design/methods/approach – An experimental quantitative approach was conducted in a controlled virtualized environment using Proxmox VE. Wazuh was deployed as a centralized Security Information and Event Management (SIEM) system with active threat detection and File Integrity Monitoring (FIM). Simulated attacks and file modification events were executed, and system performance was assessed based on detection rate, alert latency, and resource utilization.

Findings – Wazuh achieved a 100% detection rate across all tested attacks, including XSS (10/10), SQL Injection (10/10), and SSH brute-force (20/20). The average alert latency was 6.8 seconds for XSS, 132.6 seconds for SQL Injection, and 52 seconds for SSH brute-force attacks. Although CPU and memory usage increased after deployment, the overhead remained within acceptable operational limits in the experimental environment.

Research implications/limitations – The system demonstrates effective real-time centralized monitoring capability; however, the evaluation was limited to a controlled virtual environment and predefined attack scenarios, which may not fully represent real-world conditions.

Originality/value – This study provides empirical evidence of Wazuh’s performance as a centralized SIEM solution for public service web systems, highlighting its detection effectiveness and operational trade-offs in terms of alert latency and system resource usage.