Purpose – This study evaluates the effectiveness of Wazuh-based security monitoring in detecting cyber threats against public service web systems, specifically XSS, SQL Injection, SSH brute-force attacks, and file integrity violations.

Design/methods/approach – An experimental quantitative approach was applied in a controlled virtualized environment built on Proxmox VE. Wazuh was deployed as a centralized Security Information and Event Management (SIEM) system with active threat detection and File Integrity Monitoring (FIM). Simulated attacks and file modification events were executed, and system performance was assessed in terms of detection rate, alert latency, and resource utilization.

Findings – Wazuh achieved a 100% detection rate across all tested attacks, including XSS (10/10), SQL Injection (10/10), and SSH brute-force (20/20). The average alert latency was 6.8 seconds for XSS, 132.6 seconds for SQL Injection, and 52 seconds for SSH brute-force attacks. Although CPU and memory usage increased after deployment, the overhead remained within acceptable operational limits in the experimental environment.

Research implications/limitations – The system demonstrates effective real-time centralized monitoring capability; however, the evaluation was limited to a controlled virtual environment and predefined attack scenarios, which may not fully represent real-world conditions.

Originality/value – This study provides empirical evidence of Wazuh’s performance as a centralized SIEM solution for public service web systems, highlighting its detection effectiveness and operational trade-offs in terms of alert latency and system resource usage.
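The two metrics the study reports, detection rate and alert latency, can be computed by pairing each launched attack with the first Wazuh alert of the same class raised after it. The following is an added example, not the study's own evaluation code: the alert records are constructed in the shape of Wazuh's alerts.json, the attack launch times are constructed ground truth, and the rule-id-to-class mapping is an assumption about the default ruleset.

```python
import json
from datetime import datetime
from statistics import mean

# Assumed mapping from Wazuh rule id to the attack class it flags.
RULE_CATEGORY = {"31105": "xss", "31103": "sqli", "5712": "ssh_bruteforce", "550": "fim"}

# Constructed sample alerts, one JSON object per line as in Wazuh's alerts.json.
ALERTS_JSONL = """\
{"timestamp":"2026-01-10T10:00:06.800+0000","rule":{"id":"31105","description":"XSS (Cross Site Scripting) attempt.","groups":["web","accesslog","attack"]},"agent":{"name":"web01"}}
{"timestamp":"2026-01-10T10:02:12.600+0000","rule":{"id":"31103","description":"SQL injection attempt.","groups":["web","accesslog","attack","sql_injection"]},"agent":{"name":"web01"}}
{"timestamp":"2026-01-10T10:05:52.000+0000","rule":{"id":"5712","description":"sshd: brute force trying to get access to the system.","groups":["syslog","sshd","authentication_failures"]},"agent":{"name":"web01"}}
{"timestamp":"2026-01-10T10:09:30.000+0000","rule":{"id":"31105","description":"XSS (Cross Site Scripting) attempt.","groups":["web","accesslog","attack"]},"agent":{"name":"web01"}}
"""

# Constructed ground truth: attack class and the moment each simulated attack was launched.
ATTACKS = [
    ("xss", "2026-01-10T10:00:00.000+0000"),
    ("sqli", "2026-01-10T10:00:00.000+0000"),
    ("ssh_bruteforce", "2026-01-10T10:05:00.000+0000"),
    ("xss", "2026-01-10T10:08:00.000+0000"),
    ("fim", "2026-01-10T10:10:00.000+0000"),  # no syscheck alert in the sample: counted as a miss
]

def parse_ts(ts):
    # Wazuh writes the zone as "+0000", which strptime's %z accepts.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")

def evaluate(alerts_jsonl, attacks):
    """Match each attack to the earliest unused alert of the same class raised at or
    after launch; return per-class detection rate and mean alert latency in seconds."""
    pending = {}
    for line in alerts_jsonl.splitlines():
        alert = json.loads(line)
        cat = RULE_CATEGORY.get(alert["rule"]["id"])
        if cat:
            pending.setdefault(cat, []).append(parse_ts(alert["timestamp"]))
    for times in pending.values():
        times.sort()
    stats = {}
    for cat, launched in attacks:
        t0 = parse_ts(launched)
        s = stats.setdefault(cat, {"attacks": 0, "detected": 0, "latencies": []})
        s["attacks"] += 1
        queue = pending.get(cat, [])
        hit = next((t for t in queue if t >= t0), None)
        if hit is not None:
            queue.remove(hit)  # each alert may account for only one attack
            s["detected"] += 1
            s["latencies"].append((hit - t0).total_seconds())
    return {cat: {"detection_rate": s["detected"] / s["attacks"],
                  "mean_latency_s": mean(s["latencies"]) if s["latencies"] else None}
            for cat, s in stats.items()}
```

Because an alert is consumed once matched, a single brute-force alert cannot be credited to several login bursts, which keeps the detection rate honest when attacks of one class are launched back to back.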
Copyrights © 2026