It is known that configuring security information and event management (SIEM) infrastructure on conventional virtualization still provides the essential functions. However, when a problem occurs, such as a configuration error during the staging process or an application service failure, recovering from that error takes a considerable amount of time. This research aims to explore and analyze the implementation of container technology for SIEM infrastructure using the Wazuh platform. The analysis focuses on a Docker-based architecture that runs Wazuh's core components, the wazuh-indexer, wazuh-manager, and wazuh-dashboard, each in its own container. This approach is evaluated to determine how containerization affects SIEM effectiveness and efficiency, particularly in resource utilization and fault recovery. Performance testing carried out on systems using Docker containers shows lower memory and CPU usage compared to conventional virtualization. The results demonstrate that Docker not only enhances resource efficiency but also improves system resilience, which directly affects SIEM operational functionality.
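The three-container layout the abstract describes, as an added example that is not part of the paper and not the authors' deployment files. It follows the single-node layout of the official wazuh-docker repository (service names, image names, port numbers and environment variable names are taken from that project), but the version tag, passwords, memory limits and the indexer health check command are assumptions and placeholders; the TLS certificate volumes that the official images require are omitted here for brevity and must be generated with the project's certificate tooling before this file will start cleanly. The `restart` policies, `healthcheck` and `depends_on` conditions are what give the containerized deployment the fault-recovery behaviour the abstract measures: a crashed manager or dashboard is restarted by the Docker daemon instead of requiring a manual rebuild of a virtual machine.

```yaml
# docker-compose.yml (added example, not from the paper)
# Three Wazuh core components, one container each.
services:

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.x            # version tag is a placeholder
    hostname: wazuh.indexer
    restart: always                           # daemon restarts the container after a crash
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      # TLS certificate mounts from the wazuh-docker project go here (omitted)
    healthcheck:
      # Assumption: curl is present in the image; credentials are placeholders.
      test: ["CMD-SHELL", "curl -sk -u admin:CHANGE_ME https://localhost:9200/_cluster/health | grep -qE '\"status\":\"(green|yellow)\"'"]
      interval: 15s
      timeout: 5s
      retries: 10
    deploy:
      resources:
        limits:
          memory: 2g                          # assumed cap; tune to the host

  wazuh.manager:
    image: wazuh/wazuh-manager:4.x            # version tag is a placeholder
    hostname: wazuh.manager
    restart: always
    ports:
      - "1514:1514"                           # agent connection service
      - "1515:1515"                           # agent enrollment service
      - "514:514/udp"                         # syslog collector
      - "55000:55000"                         # Wazuh API
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=CHANGE_ME            # placeholder
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=CHANGE_ME                # placeholder
      - FILEBEAT_SSL_VERIFICATION_MODE=full
    volumes:
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      # TLS certificate mounts for Filebeat go here (omitted)
    depends_on:
      wazuh.indexer:
        condition: service_healthy            # do not start until the indexer answers
    deploy:
      resources:
        limits:
          memory: 1g                          # assumed cap

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.x          # version tag is a placeholder
    hostname: wazuh.dashboard
    restart: always
    ports:
      - "443:5601"
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=CHANGE_ME            # placeholder
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=CHANGE_ME          # placeholder
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=CHANGE_ME                # placeholder
    depends_on:
      wazuh.indexer:
        condition: service_healthy
      wazuh.manager:
        condition: service_started
    deploy:
      resources:
        limits:
          memory: 1g                          # assumed cap

volumes:
  wazuh-indexer-data:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
```

Bring the stack up with `docker compose up -d`, then compare resource consumption with `docker stats --no-stream`, which reports per-container CPU and memory and is the kind of measurement the abstract's performance comparison relies on. To observe the recovery behaviour, stop one component with `docker compose kill wazuh.manager` and watch `docker compose ps` until the `restart: always` policy has brought it back; the elapsed time is the fault-recovery figure that the paper contrasts with rebuilding a conventional virtual machine.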
Copyright © 2025