International Journal of Education, Science, Technology, and Engineering (IJESTE)
Vol 8 No 1: June 2025

Automated Defense Against Application-Layer Attacks on Windows Systems Using Wazuh and Shuffle

Thakker, Aastha (Unknown)
More, Aditya (Unknown)
Kumar, Kapil (Unknown)



Article Info

Publish Date
28 Jun 2025

Abstract

Application-layer attacks targeting Windows systems remain a significant threat due to their ability to bypass traditional perimeter defenses. These attacks often exploit vulnerabilities listed in the OWASP Top 10 for desktop applications, demanding proactive defense mechanisms. This paper proposes a unified approach that combines SIEM and SOAR capabilities to detect and respond to Windows-based application-layer threats with increased efficiency and automation. The framework integrates the open-source SIEM platform Wazuh with the SOAR engine Shuffle to automate threat detection and incident response. A layered defense strategy is implemented, involving log correlation, rule-based policy enforcement, and playbook-driven response automation. The integration reduces manual triage overhead and enhances response time compared to traditional SOC patterns. This framework demonstrates a scalable, open-source-based solution for defending Windows environments at the application layer. It sets the groundwork for future integration of AI-driven analytics, multi-OS support, and tamper-proof event logging using blockchain technologies.

Copyrights © 2025






Journal Info

Abbrev

ijeste

Subject

Computer Science & IT Education Engineering

Description

International Journal of Education, Science, Technology, and Engineering (IJESTE) is a peer-reviewed journal that aims at the publication and dissemination of original research articles on the latest developments in all fields of Education, Science, Technology and ...