I have been running the Wazuh Unified XDR and SIEM platform for a few years now for my company's server and lab environments in order to monitor and act on cybersecurity threats to my infrastructure. While there are other, more comprehensive “enterprise” commercial SIEM products in the market, Wazuh, without a doubt, has its place and is often my go-to recommendation for small and medium-sized organisations needing a SIEM platform.
One significant missing piece within my own Wazuh environment was a lack of native integration with Ubiquiti UniFi products. Specifically, I am referring to Wazuh decoders and rules for UniFi OS and Networks. I can’t think of a bigger missing data source in a SIEM than perimeter firewall, router, and network logs.