Guilgo Blog

Notes from my daily work with technology.

Wazuh 5: a production survival guide

Verifiable criteria to go live without the stack eating you

Verifiable criteria to take Wazuh 5 to production: fearless upgrades, signal vs noise, indexer performance, and a pilot with a clear stop rule.

Build a proactive SOC in a homelab: Kubernetes, Docker, Wazuh, Trivy and Telegram

Low-noise periodic checks: broken pods, high Wazuh alerts, CVEs in exposed images and Telegram reports, with deduplication and a clear severity policy

Guide: proactive homelab SOC with k3s, Wazuh, Trivy (CVEs on exposed Docker images) and Telegram. Cron, low noise, dedupe and actionable alerts.

Wazuh without Elasticsearch: lightweight dashboard in Grafana with the REST API

Agents, security alerts (SCA, MITRE), AdGuard and parental control in one dashboard. No Indexer or official Dashboard.

Use Grafana as frontend for Wazuh Lite: agents, security alerts (SCA, MITRE), AdGuard and parental control. NodePort, JSON plugin, JWT, alerts proxy and panels in one dashboard. No Indexer or Elastic/OpenSearch.

Auditing Kubernetes with Wazuh: API server audit logs to the SIEM step by step

Webhook, audit policy and rules to send Kubernetes audit logs to Wazuh and alert on resource create/delete

Step-by-step guide to audit Kubernetes with Wazuh: API server audit logs to the SIEM, webhook listener, audit policy and rules in local_rules.xml. Kubernetes security monitoring.

OpenClaw: troubleshooting homelab installation with Docker, Telegram and Ollama

Real errors, causes and copy-paste fixes when OpenClaw doesn't respond

OpenClaw troubleshooting guide for homelab: Telegram webhook 409 conflict, Docker and Ollama, 16k context model, CPU timeouts and OpenAI API alternative.

Prioritize critical patches in WSUS when Wazuh detects CVEs

From Vulnerability Detector alerts to controlled deployment on Windows

Practical workflow to approve and deploy only critical updates in WSUS when Wazuh alerts on vulnerabilities, with pilot groups and prioritization criteria.