**STOP paying $5,000/month for enterprise security tools like Splunk or Datadog just to monitor your home lab or small business server.**

**You can build a Military-Grade Security Operations Center (SOC) entirely for free using Open Source tools.**

**In this masterclass, I’ll show you how to deploy Wazuh (the Open Source SIEM) using Docker, and then we will write a custom Python Attack Bot to test our defenses in real time.**
📺 Watch the Full Masterclass
https://youtu.be/VuLllgyujqs?si=tcHu2FzSqHxvl7EE
🛠️ What We Build in This Video:
- The Architecture: Setting up the Wazuh Manager (The Brain) and Agents (The Eyes).
- Docker Deployment: Getting the stack up in under 3 minutes.
- The Attack: Writing a Python script (audit_tool.py) to simulate a brute-force attack.
- The Defense: Configuring a Custom XML Rule to detect the pattern and auto-ban the IP.
### 👨‍💻 The Code
Don't want to type everything from the video? Here is the source code for the tools we built.
1. The Python Attack Bot (audit_tool.py)
Use this script to simulate an attack on your own server (Do NOT use this on servers you don't own).
```python
import paramiko
import socket
import time

# CHANGE THIS to your local server IP
TARGET_IP = "192.168.1.XX"
USER = "root"

print(f"[*] Starting Audit Tool targeting {TARGET_IP}...")

while True:
    password = input("Enter Password to Test: ")
    try:
        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        # Attempt Connection
        client.connect(TARGET_IP, username=USER, password=password, timeout=3)
        print("[+] SUCCESS: Password Found!")
        client.close()
        break
    except paramiko.AuthenticationException:
        # Each failed login is what the Wazuh rule counts
        print("[-] Auth Failed: Wrong Credentials.")
    except socket.error:
        # Connection refused/dropped: the active response has blocked this IP
        print("[!!!] CONNECTION REFUSED: Server blocked us! (Active Response Worked)")
        break
    except Exception as e:
        print(f"[!] Error: {e}")
```
2. The Custom Wazuh Rule
```xml
<rule id="100003" level="10" frequency="15" timeframe="10">
  <if_matched_sid>60137</if_matched_sid>
  <description>Critical: Massive Logoff Flood Detected (Possible Brute Force)</description>
</rule>
```
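To see what the `frequency="15" timeframe="10"` attributes on that rule actually do, here is an added Python example (not code from the video or from Wazuh) that re-implements the same sliding-window count over sshd "Failed password" lines, the events the attack bot above produces; the regex, the constructed log lines and the assumed year 2024 are my assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd "Failed password" line as OpenSSH writes it to auth.log / journald.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (?P<src>\S+) port \d+ ssh2$"
)

def make_sample_log():
    """Constructed sshd lines (not real captures): 16 failures from one source
    in 8 seconds, 3 slow failures from another source, and one successful login."""
    lines = [f"Jan 10 12:00:{i // 2:02d} lab sshd[1001]: Failed password for root "
             f"from 192.0.2.10 port {50000 + i} ssh2" for i in range(16)]
    lines += [f"Jan 10 12:00:{i * 5:02d} lab sshd[1002]: Failed password for invalid "
              f"user admin from 198.51.100.7 port {60000 + i} ssh2" for i in range(3)]
    lines.append("Jan 10 12:00:09 lab sshd[1003]: Accepted publickey for ops "
                 "from 203.0.113.5 port 40000 ssh2")
    return "\n".join(lines)

def detect_floods(log_text, frequency=15, timeframe=10, year=2024):
    """Simplified model of a Wazuh rule with frequency/timeframe attributes:
    count failed logins per source IP inside a sliding window of `timeframe`
    seconds and alert when the count reaches `frequency`.
    Returns [(src_ip, timestamp_of_the_triggering_line), ...]."""
    windows = defaultdict(deque)   # src_ip -> timestamps still inside the window
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:                  # not a failed-login event: ignore it
            continue
        src, ts = m.group("src"), m.group("ts")
        t = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")  # syslog has no year
        q = windows[src]
        q.append(t)
        while (t - q[0]).total_seconds() > timeframe:   # drop events older than the window
            q.popleft()
        if len(q) >= frequency:
            alerts.append((src, ts))
            q.clear()              # one alert per flood, then start counting again
    return alerts

if __name__ == "__main__":
    for src, ts in detect_floods(make_sample_log()):
        print(f"ALERT level 10: {src} reached 15 failed logins within 10s at {ts}")
```

The slow source (3 failures spread over 10 seconds) never trips the default threshold, which is the whole point of pairing `frequency` with `timeframe` instead of counting failures forever.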