International Journal Software Engineering and Computer Science (IJSECS)
Vol. 5 No. 3 (2025): DECEMBER 2025

Advanced Persistent Threats Analysis and Intrusion Detection Systems Evaluation

Dedy Wibowo (Universitas Pamulang)
Taswanda Taryo (Universitas Pamulang)
Ferhat Aziz (Universitas Pamulang)
Article Info

Publish Date
01 Dec 2025

Abstract

- Advanced Persistent Threats (APTs) are covert, strategically planned operations aimed at long-term unauthorized access and data exfiltration. PT XYZ, a logistics company holding considerable operational and customer data, is an attractive APT target, which is why it deployed Wazuh, an open-source SIEM platform, to improve its intrusion detection capability. We assessed how effectively this IDS-SIEM deployment detects and responds to APT scenarios by analyzing multi-source logs from Wazuh, Sysmon, and endpoint telemetry across PT XYZ's PC infrastructure between June 3 and June 30, 2025, capturing 35,333 records in total. APT attacks were simulated with Atomic Red Team, and detections were mapped to MITRE ATT&CK tactics. Wazuh identified most of the early attack phases, particularly Initial Access and Execution. Treating attack records as the positive class, the system produced 1,060 true positives, 8,537 true negatives, 563 false positives, and 440 false negatives, for an accuracy of 91%. Detection of normal traffic was strong, with a precision of 0.95, a recall of 0.94, and an F1-score of 0.94; attack detection was weaker, with a precision of 0.65, a recall of 0.71, and an F1-score of 0.68. The macro-averaged precision, recall, and F1-score were 0.80, 0.82, and 0.81 respectively, while the weighted averages reached 0.91. Our results indicate that an open-source SIEM such as Wazuh can detect APT activity in logistics operations when it is configured appropriately and validated with MITRE ATT&CK-based threat simulations, which gives the approach real-world applicability for improving cybersecurity defenses in this sector.
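The abstract reports a confusion matrix and a set of per-class, macro-averaged and weighted metrics. The script below is an added worked example, not code from the paper or from the Wazuh project: it reproduces those metrics from the four counts given above and also shows how such counts are built from records labelled by whether they fell inside an attack-simulation window. The `RECORDS` list is a constructed toy sample used only to exercise the labelling function; the counts `TP`, `TN`, `FP`, `FN` are the ones stated in the abstract.

```python
"""Reproduce the IDS evaluation metrics reported in the abstract.

Positive class = attack (record generated during an Atomic Red Team run).
Predicted positive = Wazuh raised an alert for the record.
"""

# Counts as reported in the abstract (attack = positive class).
TP, TN, FP, FN = 1060, 8537, 563, 440

# Constructed toy sample: (ground_truth_is_attack, wazuh_alerted).
# In the study this labelling would come from the simulation time windows;
# here it exists only to demonstrate confusion_from_labels().
RECORDS = [
    (True, True),    # attack, alerted      -> TP
    (True, False),   # attack, missed       -> FN
    (False, True),   # benign, alerted      -> FP
    (False, False),  # benign, quiet        -> TN
    (False, False),  # benign, quiet        -> TN
]


def confusion_from_labels(records):
    """Return (tp, tn, fp, fn) from (truth, predicted) boolean pairs."""
    tp = sum(1 for t, p in records if t and p)
    tn = sum(1 for t, p in records if not t and not p)
    fp = sum(1 for t, p in records if not t and p)
    fn = sum(1 for t, p in records if t and not p)
    return tp, tn, fp, fn


def per_class(tp, fp, fn):
    """Precision, recall and F1 for one class, guarding the zero-denominator cases."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    # Equivalent to 2PR/(P+R) but avoids a division when both are zero.
    f1 = 2 * tp / (2 * tp + fp + fn) if 2 * tp + fp + fn else 0.0
    return precision, recall, f1


def evaluate(tp, tn, fp, fn):
    """Per-class, macro and weighted metrics plus the error rates that accuracy hides."""
    total = tp + tn + fp + fn
    attack = per_class(tp, fp, fn)
    # For the normal class the roles swap: a missed attack (FN) is a false
    # "normal" prediction, and a false alert (FP) is a missed "normal" record.
    normal = per_class(tn, fn, fp)
    support_attack = tp + fn          # actual attack records
    support_normal = tn + fp          # actual benign records

    macro = tuple((a + n) / 2 for a, n in zip(attack, normal))
    weighted = tuple(
        (a * support_attack + n * support_normal) / total
        for a, n in zip(attack, normal)
    )
    return {
        "accuracy": (tp + tn) / total,
        "attack": dict(zip(("precision", "recall", "f1"), attack)),
        "normal": dict(zip(("precision", "recall", "f1"), normal)),
        "macro": dict(zip(("precision", "recall", "f1"), macro)),
        "weighted": dict(zip(("precision", "recall", "f1"), weighted)),
        # Security-relevant rates: share of attacks missed, share of benign
        # records that generated an alert (analyst noise).
        "false_negative_rate": fn / support_attack if support_attack else 0.0,
        "false_positive_rate": fp / support_normal if support_normal else 0.0,
    }


if __name__ == "__main__":
    print("toy sample ->", confusion_from_labels(RECORDS))
    m = evaluate(TP, TN, FP, FN)
    print(f"accuracy        {m['accuracy']:.2f}")
    for cls in ("attack", "normal", "macro", "weighted"):
        p, r, f = (m[cls][k] for k in ("precision", "recall", "f1"))
        print(f"{cls:<15} P={p:.2f} R={r:.2f} F1={f:.2f}")
    print(f"attacks missed  {m['false_negative_rate']:.1%}")
    print(f"benign alerted  {m['false_positive_rate']:.1%}")
```

Running it reproduces the abstract's figures (accuracy 0.91, attack P/R/F1 0.65/0.71/0.68, normal 0.95/0.94/0.94, macro 0.80/0.82/0.81, weighted 0.91 across the board). The extra two rates are the ones a defender should read first: with 1,500 attack records and 9,100 benign ones, the 91% accuracy is dominated by the majority class, while roughly 29% of attack records went undetected and about 6% of benign records produced alerts.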

Copyrights © 2025
Journal Info

Abbrev

ijsecs

Publisher

Subject

Computer Science & IT

Description

IJSECS is committed to bridge the theory and practice of information technology and computer science. From innovative ideas to specific algorithms and full system implementations, IJSECS publishes original, peer-reviewed, and high quality articles in the areas of information technology and computer ...