🚀 Building an autonomous SIEM system overnight. Wazuh + LLMs + Elasticsearch + optional SOAR. Linux setup, code on screen, coffee & pizza on deck. HP vs Voldemort ⚡ on my left Logs flowing soon. The Watchtower is rising. #CyberSecurity #AI #Wazuh #LLM #FYP #BuildInPublic #siemphony - ThreadSky

moezmustafa.bsky.social • 60 days ago

🚀 Building an autonomous SIEM system overnight.
Wazuh + LLMs + Elasticsearch + optional SOAR.
Linux setup, code on screen, coffee & pizza on deck.
HP vs Voldemort ⚡ on my left

Logs flowing soon.

The Watchtower is rising.

#CyberSecurity #AI #Wazuh #LLM #FYP #BuildInPublic
#siemphony

Comments

moezmustafa.bsky.social•55 days ago

i am going in circles , need to slow down , take a breaks and debug my approach.
#siemphony #Docker #Wazuh #CyberSecurity #LLM #BuildInPublic

moezmustafa.bsky.social•55 days ago

Wazuh dashboard stuck at “not ready yet”

checked docker logs
traced it to the indexer not initializing .opendistro_security

turns out Docker mounted my certs as directories not files 🤦
wiped & recreated PEMs, then ran https://securityadmin.sh

#siemphony #Docker #Wazuh #CyberSecurity #LLM #BuildInPublic

moezmustafa.bsky.social•55 days ago

🛡️ The Alienware rig is prepped.
BitLocker fought hard, but Linux won the war.

Docker Wazuh SIEM is initializing.
Learned alot , made mistakes too

#siemphony #CyberSecurity #LLM #Wazuh #BuildInPublic

moezmustafa.bsky.social•56 days ago

After 3 years i turned back to windows. Only to install linux 10min later
Also BitLocker is a headache !!!

Setting up my Alienware , to run SIEM manager

#windows #LLM #Wazuh #BuildInPublic #apple #siem #ssh

moezmustafa.bsky.social•58 days ago

BTS : steup
Linux Box + Macbook Pro M2pro + iPad Air

#CyberSecurity #LLM #Wazuh #BuildInPublic #apple #ipad #ssh

moezmustafa.bsky.social•59 days ago

OK ! so #kibana exists

#CyberSecurity #LLM #Wazuh #BuildInPublic

moezmustafa.bsky.social•59 days ago

🔧 Integrated twist in #siemphony! Wazu need for a separate machines But for now i can go with one, as the wazu manager now watches over itself.

📈 Watchtower just got smarter.
Trying to setup a secure test environment to run attacks and parse logs

#CyberSecurity #LLM #Wazuh #BuildInPublic

moezmustafa.bsky.social•59 days ago

✅ Logs are flowing.

Replacing the “Scholar” with something more intentional:

🧠 Sentient — the LLM-powered brain of the system.
It reads logs, learns from threats, and writes custom Wazuh rules in real-time.

Phase 2 begins. Guardian is waking up.

#siemphony #CyberSecurity #LLM #FYP #BuildInPublic

moezmustafa.bsky.social•59 days ago

🔧 Tore down Wazuh.
🧹 Purged the broken stack.
🧠 Installed a full All-in-One SIEM on unsupported Linux
👁️ Fixed agents, configs, API, services.

Logs are flowing.

Next up: feeding them to an LLM and letting it write defensive rules live.

#siemphony #CyberSecurity #LLM #FYP #BuildInPublic

moezmustafa.bsky.social•59 days ago

Slept like a rock.
Out by 7am, worked till 1pm.
Cleared my head with a bike ride — air, wind, throttle, peace.
Came back to the desk, VS Code, terminal, and a dream.

Time to get wired in again

#siemphony #buildinpublic #ai #llm #100daysofcode #wazu

moezmustafa.bsky.social•60 days ago

✅ The Scholar is alive.
Parsed real Wazuh logs and asked LLM to explain them + generate new detection rules.

It suggested a sudo alert, failed login tracking, and session monitoring

first time I’ve seen my logs write their own defenses.

#siemphony #CyberSecurity #LLM #Wazuh #FYP #BuildInPublic

moezmustafa.bsky.social•60 days ago

🧠 Tried to activate the Scholar AI and hit a rate limit:
“You exceeded your current quota.”

Lesson: free OpenAI API keys only get you so far. Need to upgrade or use a local LLM next.

#siemphony #FYP #BuildInPublic #LLM #OpenAI

moezmustafa.bsky.social•60 days ago

✅ Logs parsed & simplified.
Hit a permissions error reading Wazuh logs — turned out they were root-protected.
Learned that security tools protect even their own outputs.

#siemphony #CyberSecurity #LLM #FYP #BuildInPublic

moezmustafa.bsky.social•60 days ago

✅ The Watchtower is live.
Wazuh SIEM stack installed and running. Logs flowing.

#siemphony #CyberSecurity #Wazuh #LLM #FYP #BuildInPublic

Comments

Posting Rules

Reply