Melek IT: Information Technology Journal
Vol. 11 No. 1 (2025): Melek IT: Information Technology Journal

Automating the Configuration of Wazuh Integrated with VirusTotal Using Ansible to Detect and Protect Against Malware Attacks

Putra, Muhamad Alvan Ekawan (Unknown)
Hariyadi, I Putu (Unknown)
Marzuki, Khairan (Unknown)



Article Info

Publish Date
30 Jun 2025

Abstract

The rapid advancement of digital technology has increased the risk of malware that can disrupt systems, steal data, and hinder operations. Wazuh emerges as an open-source solution capable of detecting suspicious activities through log analysis. However, its accuracy can be enhanced by integrating VirusTotal as a verification service for suspicious files. The main objective of this study is to develop an Ansible playbook to automate the installation process, Wazuh configuration, integration with VirusTotal, and real-time notification delivery to Telegram. The method used is the Network Development Life Cycle (NDLC) approach, consisting of three stages: analysis, design, and simulation prototyping. The analysis stage involves a literature review and a comparison of previous studies. The design stage covers network, system, and IP configuration planning. The simulation is conducted in a virtual environment using five virtual machines consisting of a Wazuh server, Ansible server, two agents (Windows and Linux), and an additional VM for configuration automation testing. The results show that the developed system effectively detects three main types of malware (trojan, ransomware, and worm), performs active response, and sends alerts automatically via Telegram. Installation and configuration processes become faster and more consistent thanks to the Ansible playbook. The system also proves to be reliable and efficient in handling malware attacks automatically. Active response timing, for both detection and removal, varies for each type of malware and is affected by internet connection quality and API usage time limits. Additionally, the use of Ansible significantly reduces configuration time and minimizes the potential for human error during deployment in the virtual network environment.
The conclusion of this study is that the integration of Wazuh and VirusTotal with Ansible-based configuration automation improves efficiency, accuracy, and scalability in malware detection and protection. This automation not only accelerates the security process but also reduces manual configuration errors, offering a more robust security solution that can be further developed.

Copyrights © 2025






Journal Info

Abbrev

melekit

Publisher

Subject

Computer Science & IT; Decision Sciences, Operations Research & Management; Electrical & Electronics Engineering; Engineering; Industrial & Manufacturing Engineering

Description

The journal invites original articles that have not been simultaneously submitted to another journal or conference. The whole spectrum of Information Technology is welcome, which includes, but is not limited to Information System in Application, Machine Learning & Soft Computing, Multimedia & Game Technology, ...