FREE Advanced Wazuh Detection Rules


Access Repo — Don’t forget to give the project a star 😄

Our Goal

  • Detection rules can be a tricky business and we believe everyone should have access to a strong and growing ruleset.
  • Wazuh serves as a great EDR agent, however the default rulesets are rather laxed (in our opinion). We wanted to start building a strong repo of Wazuh rules for the community to implement themselves and expand upon as new threats arise.
  • Cybersecurity is hard enough, let’s work together 😄


If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag “enhancement”.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b ruleCategory/DetectionRule)
  3. Commit your Changes (git commit -m 'Add some DetectionRules')
  4. Push to the Branch (git push origin ruleCategory/DetectionRule)
  5. Open a Pull Request

Need Help?


Platform Demo:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).