https://blog.qife122.com/tags/wazuh/ Recent content in Wazuh on 办公AI智能小助手 Hugo zh-cn qife Mon, 20 Oct 2025 17:57:00 +0800 https://blog.qife122.com/p/%E9%9B%86%E6%88%90wazuh%E7%9A%84%E6%99%BA%E8%83%BDsoc%E7%B3%BB%E7%BB%9Fai%E9%A9%B1%E5%8A%A8%E5%AE%89%E5%85%A8%E8%BF%90%E8%90%A5%E4%B8%AD%E5%BF%83%E5%AE%9E%E6%88%98%E6%8C%87%E5%8D%97/ Mon, 20 Oct 2025 17:57:00 +0800 https://blog.qife122.com/p/%E9%9B%86%E6%88%90wazuh%E7%9A%84%E6%99%BA%E8%83%BDsoc%E7%B3%BB%E7%BB%9Fai%E9%A9%B1%E5%8A%A8%E5%AE%89%E5%85%A8%E8%BF%90%E8%90%A5%E4%B8%AD%E5%BF%83%E5%AE%9E%E6%88%98%E6%8C%87%E5%8D%97/ <h1 id="agentic-soc-system-with-wazuh-integration">Agentic SOC System with Wazuh Integration</h1> <p>一个结合AI驱动调查与真实SIEM集成的全面安全运营中心系统，使用Wazuh实现。该系统提供自动化的威胁检测、调查和响应能力。</p> <h2 id="-架构">🏗️ 架构</h2> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ </span></span><span class="line"><span class="cl">│ 前端 │ │ 后端API │ │ Wazuh SIEM │ </span></span><span class="line"><span class="cl">│ (React) │◄──►│ (FastAPI) │◄──►│ (Manager) │ </span></span><span class="line"><span class="cl">└─────────────────┘ └─────────────────┘ └─────────────────┘ </span></span><span class="line"><span class="cl"> │ │ </span></span><span class="line"><span class="cl"> ▼ ▼ </span></span><span class="line"><span class="cl"> ┌─────────────────┐ ┌─────────────────┐ </span></span><span class="line"><span class="cl"> │ SOC代理 │ │ 测试虚拟机 │ </span></span><span class="line"><span class="cl"> │ (AI驱动) │ │ (Ubuntu) │ </span></span><span class="line"><span class="cl"> └─────────────────┘ └─────────────────┘ </span></span><span class="line"><span class="cl"> │ </span></span><span class="line"><span class="cl"> ▼ </span></span><span class="line"><span class="cl"> ┌─────────────────┐ </span></span><span class="line"><span class="cl"> │ MCP服务器 │ </span></span><span class="line"><span class="cl"> │ (SIEM/EDR/NDR)│ </span></span><span class="line"><span class="cl"> └─────────────────┘ </span></span></code></pre></td></tr></table> </div> </div><h2 id="-快速开始">🚀 快速开始</h2> <h3 id="前置要求">前置要求</h3> <ul> <li>macOS (在macOS 14+上测试)</li> <li>Docker Desktop</li> <li>Docker Compose</li> <li>Python 3.8+</li> <li>Node.js 16+</li> <li>Git</li> </ul> <h3 id="安装">安装</h3> <h4 id="选项1完整设置包含wazuh-siem">选项1：完整设置（包含Wazuh SIEM）</h4> <ol> <li> <p><strong>克隆仓库</strong></p> https://blog.qife122.com/p/%E6%96%B0%E6%89%8B%E5%AE%B6%E5%BA%AD%E6%A3%80%E6%B5%8B%E5%B7%A5%E7%A8%8B%E5%AE%9E%E9%AA%8C%E5%AE%A4%E6%90%AD%E5%BB%BA%E6%8C%87%E5%8D%97/ Wed, 10 Sep 2025 09:56:50 +0800 https://blog.qife122.com/p/%E6%96%B0%E6%89%8B%E5%AE%B6%E5%BA%AD%E6%A3%80%E6%B5%8B%E5%B7%A5%E7%A8%8B%E5%AE%9E%E9%AA%8C%E5%AE%A4%E6%90%AD%E5%BB%BA%E6%8C%87%E5%8D%97/ <h1 id="家庭检测工程实验室搭建指南新手向">家庭检测工程实验室搭建指南（新手向）</h1> <p>| Niccolo Arboleda | 特邀作者</p> <p>Niccolo Arboleda是多伦多大学的网络安全爱好者和学生。他通常在家中的实验室里研究各种网络安全工具并开展项目。他热衷于保护关键基础设施免受网络攻击。</p>