This research evaluates the performance of integrating Wazuh, an open-source Security Information and Event Management (SIEM) platform, with Grafana, a real-time visualization tool, for cyber threat detection in resource-constrained environments. The objective is to assess detection accuracy, false positive rates, response times, and system efficiency under controlled experimental conditions. The testbed consisted of two virtual private servers (4 vCPUs, 4–8 GB RAM, 38–50 GB storage) and employed the CIC-IDS2017 dataset as a benchmark for simulating three representative attacks: brute-force, malware injection, and webshell exploitation. The results showed that the integrated system achieved 100% detection accuracy with 0% false positives across 30 trials, with an average total detection time of 3033 ms. Resource utilization remained low, with CPU usage below 35% and memory consumption under 25%, confirming feasibility for mid-range servers typical of small institutions. While these results underscore the system’s efficiency, the findings must be interpreted within the limitations of a laboratory environment where predefined signatures were used. Performance in real-world networks with diverse traffic and unknown threats may differ, and further validation is required. This study makes two key contributions: (1) it provides the first structured quantitative benchmark of Wazuh-Grafana integration in constrained environments using a standardized dataset, and (2) it offers practical recommendations for small and medium-sized institutions, including minimum system requirements and guidelines for dashboard configuration. These findings reinforce the role of open-source solutions as affordable, adaptive, and effective alternatives to commercial SIEM systems, particularly for organizations with limited cybersecurity budgets.
Copyright © 2025