Prosiding Seminar Nasional Sisfotek (Sistem Informasi dan Teknologi Informasi)
Vol 9 No 1 (2025): SISFOTEK IX 2025

Implementation of the Wazuh Security Information and Event Management (SIEM) System for Malware Detection

Zaenal Mutaqin Subekti (Unknown)
Mami Maryati (Unknown)
Suhadi (Unknown)
Subandri (Unknown)
Sabar Hanadwiputra (Unknown)
Danniswara Putra Patria (Unknown)



Article Info

Publish Date
23 Jan 2026

Abstract

With the development of information and communication technology (ICT), cybersecurity threats to companies are becoming increasingly complex and diverse. One of them is malware, which can attack endpoint devices such as computers/laptops and servers in companies. An effective approach to these challenges is to implement a SIEM (Security Information and Event Management) system that can monitor, analyze, and respond to security incidents in real time, here by implementing an endpoint security monitoring system using the Wazuh platform in a structured corporate network environment. The method used in this study is PPDIOO (Prepare, Plan, Design, Implement, Operate, Optimize). Its stages are: (a) prepare, to analyze needs; (b) plan, to design the IP addressing; (c) design, to design the network topology; (d) implement, namely implementing the SIEM by installing and configuring Wazuh and setting the path scanned for malware file warnings; (e) operate, to monitor and test Wazuh; and (f) optimize, to make modifications that improve system performance. The results show that in the test, which was carried out 1 time, Wazuh detected malware on one endpoint device. On the Wazuh dashboard, an alert notification appeared showing that the desktop endpoint received one real-time malware attack, and malware warning notifications were sent to a Telegram bot so that users are immediately aware. This shows that Wazuh can be used to analyze, monitor, and respond to security incidents.

Copyrights © 2025






Journal Info

Abbrev

SISFOTEK

Publisher

Subject

Computer Science & IT

Description

Seminar Nasional Sistem Informasi dan Teknologi (SISFOTEK) is a scientific meeting and a forum for discussing and publishing research results and applications of the latest technology by practitioners, researchers, academics and the general public in the field of information systems and technology, in the sense ...