Defacement attacks are critical threats that disrupt server integrity and damage an organization's reputation. This research aims to design a Wazuh-based Security Information and Event Management (SIEM) system integrated with a Telegram bot to detect and prevent defacement attacks and to send real-time notifications about them. The method used is the Network Development Life Cycle (NDLC), which has three main stages: requirement analysis, system design, and prototype simulation. The implementation was carried out in a virtual environment using Ubuntu Server 22.04 as the Wazuh Manager and Parrot Security OS as the attack simulator. The results showed that Wazuh successfully detected three main types of attack, File Upload Vulnerability, Remote Code Execution (RCE), and Webshell, through log analysis and custom rules. Integration with the Telegram bot enables instant notification when threats are detected, along with automated responses such as directory restores, attacker IP address blocking, and proactive mitigation. Tests before Wazuh's implementation showed that the server was vulnerable to file modification, while after implementation the system was able to prevent illegal changes with 100% effectiveness. The study concludes that the combination of Wazuh SIEM and a Telegram bot improves server security through early detection, rapid response, and centralized monitoring. This solution not only reduces the risk of defacement but also provides an efficient notification mechanism for administrators. Recommendations for further development include adding attack variations, improving active response, and optimizing integration with other platforms.
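As an illustration of the notification path summarized above (an added example, not code from the study): the sketch below turns a Wazuh file-integrity alert into the JSON body for the Telegram Bot API `sendMessage` method. The field names follow Wazuh's alert JSON format; the sample alert, the level threshold and the function names are assumptions, and the HTTP POST itself is left out so the block runs offline.

```python
import json

# Constructed sample: shape of a Wazuh file-integrity (syscheck) alert for a
# modified web page. Values are illustrative, not taken from the study.
SAMPLE_ALERT = json.loads("""
{
  "timestamp": "2025-01-01T10:00:00.000+0000",
  "rule": {"id": "550", "level": 7, "description": "Integrity checksum changed."},
  "agent": {"id": "001", "name": "web-server"},
  "syscheck": {"path": "/var/www/html/index.html", "event": "modified"}
}
""")

MIN_LEVEL = 7          # assumption: notify only at or above this rule level
TELEGRAM_LIMIT = 4096  # Telegram caps message text at 4096 characters


def build_notification(alert, chat_id, min_level=MIN_LEVEL):
    """Return the sendMessage payload for an alert, or None if below threshold."""
    rule = alert.get("rule", {})
    if int(rule.get("level", 0)) < min_level:
        return None
    lines = [
        "Wazuh alert (level {})".format(rule.get("level")),
        "Rule: {} - {}".format(rule.get("id", "?"), rule.get("description", "n/a")),
        "Agent: {}".format(alert.get("agent", {}).get("name", "unknown")),
    ]
    # File-integrity alerts carry the changed path; web/log alerts carry a source IP.
    syscheck = alert.get("syscheck")
    if syscheck:
        lines.append("File: {} ({})".format(syscheck.get("path"), syscheck.get("event")))
    srcip = alert.get("data", {}).get("srcip")
    if srcip:
        lines.append("Source IP: {}".format(srcip))
    # Plain text (no parse_mode) so attacker-controlled fields such as file
    # names cannot inject Markdown/HTML into the operator's chat.
    text = "\n".join(lines)[:TELEGRAM_LIMIT]
    return {"chat_id": chat_id, "text": text}


def send_url(bot_token):
    """Telegram Bot API endpoint the payload would be POSTed to as JSON."""
    return "https://api.telegram.org/bot{}/sendMessage".format(bot_token)


if __name__ == "__main__":
    print(json.dumps(build_notification(SAMPLE_ALERT, "CHAT_ID_PLACEHOLDER"), indent=2))
```

Keeping the bot token out of the script (for example in a root-only configuration file) matters here, because anyone holding it can read and send messages as the bot.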
Copyrights © 2025