An open-source Helm chart that wraps Wazuh agents with Kubernetes-native enforcement — CIS, NIST 800-53, PCI-DSS, HIPAA, SOC2, MITRE ATT&CK runtime detection, admission webhook, and a remediation CronJob — all from one deploy.
A custom Wazuh rule pack and reproducible Docker lab that pairs a stock Wazuh agent with a Tetragon eBPF sidecar to catch what stock Wazuh cannot — short-lived process exec, fileless memfd payloads, sub-second TCP connects, kernel module loads, bpf() syscall use, sensitive-file argv reads, setuid escalation. 1 decoder family, 15 rules, 4 distros, 1.59M events validated.
A custom Wazuh rule pack and reproducible Docker lab that catches browser-side shadow AI on developer endpoints — DNS lookups, TLS egress, extension manifests, and native messaging hosts. 4 decoders, 15 rules, MITRE ATT&CK mapped, validated live on Wazuh 4.14.5.
A custom Wazuh rule pack and reproducible Docker lab that catches rogue MCP servers, shadow AI agent activity, and indirect prompt-injection chains on engineering endpoints. 6 decoders, 17 rules, MITRE ATT&CK mapped, validated live on Wazuh 4.14.5.