Guilgo Blog
Notes from my daily work with technology.
Monitoring Active Directory and Office365 with Wazuh: custom rules and critical events
How to deploy Wazuh as a SIEM/XDR to meet cybersecurity requirements, detecting account lockouts, authentication failures and key events on Windows and Office365.
How to deploy Wazuh to monitor Active Directory and Office365 with custom rules in local_rules.xml, critical EventIDs and centralized Kibana dashboards.
Posted by David Guillermo on Thursday, August 28, 2025
Sysadmin, self-taught by curiosity.
FEATURED TAGS
docker
kubernetes
linux
microsoft
monitoring
powershell
security
sysadmin
telegram
wazuh
wsus