30–31 Aug 2025
St. Xavier's College
Asia/Kathmandu timezone

SIEM automation using Wazuh and Ansible for Ubuntu

30 Aug 2025, 13:30 (30 min)
0. Main hall (St. Xavier's College)


Maitighar, Kathmandu, Bagmati, 7437, Nepal
Sponsored talk: Security and Compliance

Speakers

Dipesh Poudel
Sushant Prasai

Description

Introduction to Wazuh and Ansible

  • i. Overview of Wazuh as an open-source SIEM tool
  • ii. Role of Ansible in security automation

Understanding Wazuh Alerts

  • i. How Wazuh detects security events
  • ii. Types of alerts generated in an Ubuntu environment

Automating Patch Management with Ansible

  • i. Writing Ansible playbooks for alert remediation
  • ii. Automating security patching based on Wazuh alerts

Implementation and Examples

  • i. Deploying Wazuh core components on 9 Ubuntu VMs
  • ii. Alerts based on Global NST databases built into the Wazuh
    manager
  • iii. Understanding alert levels and rule IDs in Wazuh
  • iv. Utilizing built-in decoders in Wazuh core for alert processing
  • v. Configuring Ansible for automated response
  • vi. Example scenarios of security vulnerabilities and their automated
    remediation

Best Practices and Considerations

  • i. Ensuring reliability and security in automation
  • ii. Optimizing Wazuh and Ansible for large-scale deployments

Q&A and Discussion

  • Open floor for audience questions

Biography

Sushant Prasai is a System Engineer specializing in Linux administration, security automation, and cloud technologies. Passionate about open-source solutions, he has extensive experience in SIEM, configuration management, and enterprise security.

Dipesh Poudel is a System Engineer specializing in SIEM, security automation, and infrastructure management. With expertise in Wazuh, log analysis, and threat detection, he focuses on optimizing security workflows and ensuring high availability.

What the audience can learn

  • How to use Wazuh and Ansible for automated security patching
  • Writing Ansible playbooks to respond to security alerts
  • Best practices for security automation in Ubuntu environments

Summary

This talk covers automating the response to Wazuh alerts using Ansible on Ubuntu servers. It will guide attendees through setting up Wazuh, understanding its alert mechanisms, and implementing Ansible playbooks for automated security patching.

Things to know or prepare for this session

  • Familiarity with SIEM concepts and Wazuh
  • Understanding of Ansible and YAML playbook structures

Difficulty level: Intermediate