Is the training Qualiopi certified?

Yes, Learni is a Qualiopi-certified training organization. This certification guarantees the quality of our courses and enables funding through OPCO and other mechanisms.

What is the duration of the Training Wazuh - Master Advanced SIEM Monitoring training?

The Training Wazuh - Master Advanced SIEM Monitoring training takes place over 35 hours. The program is structured in progressive modules for optimal skill development.

How can I fund my training?

Our courses are eligible for OPCO funding. Learni supports you through the funding process. A personalized quote is available upon request.

What are the prerequisites for this training?

The prerequisites for the Training Wazuh - Master Advanced SIEM Monitoring training are: Linux/Unix knowledge, cybersecurity basics, experience with monitoring tools like ELK. A preliminary interview validates your eligibility.

What are the objectives of the Training Wazuh - Master Advanced SIEM Monitoring training?

The objectives of the Training Wazuh - Master Advanced SIEM Monitoring training are: Install and configure a centralized Wazuh server. Deploy Wazuh agents on multiple endpoints. Customize intrusion detection rules. Analyze logs and alerts in real-time. Integrate Wazuh with Kibana for advanced dashboards. Automate incident responses via Active Response. Optimize PCI-DSS and GDPR compliance. Upon completion, you will be able to put these skills into practice.

Is the training available in person?

Yes, the Training Wazuh - Master Advanced SIEM Monitoring training is available in in-person. The format can be adapted to your needs (inter, intra, custom).

Training Wazuh - Master Advanced SIEM Monitoring | Learni

The story of Learni

Founded by passionate advocates of learning and innovation, Learni set out to make professional training accessible to everyone, everywhere in the world. Our team works in the largest cities such as Paris, Lyon, Marseille, and internationally, to support talents and organizations in their skills development.

Configure your training

Response within 24hNo commitment100% free

8 spots remaining for the next session

FormatParticipantsDateDetails

Which format do you prefer?

Methods, approaches, and teaching resources

The Training Wazuh - Master Advanced SIEM Monitoring training is delivered in-person or remotely (blended-learning, e-learning, virtual classroom, remote in-person). At Learni, a Qualiopi-certified training organization, each program is designed to maximize skills acquisition, regardless of the training mode chosen.

The trainer alternates between demonstrative, interrogative, and active methods (through practical exercises and/or real-world scenarios). This pedagogical approach ensures concrete and directly applicable learning in the workplace.

Teaching resources provided

To ensure the quality of the Training Wazuh - Master Advanced SIEM Monitoring training, Learni provides the following teaching resources:

Mac or PC computers, high-speed fiber internet, whiteboard or flipchart, video projector or interactive touchscreen (for remote sessions)
Training environments installed on workstations or accessible online
Course materials, practical exercises, and supplementary resources
Post-training access to materials and teaching resources

For in-house training at a location external to Learni, the client ensures and commits to having all necessary teaching materials (IT equipment, internet connection...) for the proper conduct of the training action in accordance with the prerequisites indicated in the communicated training program.

* contact us for remote feasibility** ratio varies depending on the training followed

Assessment methods

The assessment of skills acquired during the Training Wazuh - Master Advanced SIEM Monitoring training is carried out through:

During training: case studies, practical exercises, and professional scenarios
At the end of training: self-assessment questionnaire and skills evaluation by the trainer
After training: training completion certificate detailing acquired skills

Training accessibility

Learni is committed to the accessibility of its professional training programs. All our training programs are accessible to people with disabilities. Our teams are available to adapt teaching methods to your specific needs. Do not hesitate to contact us for any accommodation request.

Training access terms and deadlines

Training program

Module 1Wazuh Installation: Server and Agents Deployment (Docker tools, REST API)

Dive into the quick installation of a Wazuh cluster via Docker, configure agents on Linux and Windows, test real-time connectivity, perform practical exercises on virtual VMs, generate your first monitored logs, and validate deliverables with a basic operational dashboard, all for smooth and secure production deployment.

Module 2Agent and Collector Management: Logs, FIM, SCA (syscheck, auditd tools)

Master endpoint supervision, deploy collectors for critical files, configure File Integrity Monitoring and Security Configuration Assessment, fine-tune policies via the web interface, simulate attacks to test collection, produce detailed reports, and optimize performance for comprehensive coverage of your infrastructure.

Module 3Rules and Decoders: Threat Detection (regex tools, CDB lists)

Create custom rules to detect zero-day intrusions, dissect logs with advanced decoders, integrate dynamic threat lists, analyze real cases like vulnerability scans, test in the lab with tools like Metasploit, and deploy intelligent alert thresholds to reduce false positives.

Module 4Alerts and Visualizations: Kibana and OSSEC (Elasticsearch, Grafana tools)

Build interactive dashboards in Kibana, segment alerts by criticality, explore event correlations, generate real-time visualizations for SOC analysis, integrate CSV/PDF exports, practice on real phishing and malware scenarios, and automate Slack/Email notifications for immediate responsiveness.

Module 5Advanced Integrations: Active Response, Compliance (API tools, Python scripts)

Integrate Wazuh with third-party tools like Splunk or TheHive, enable automated responses to block malicious IPs, audit PCI-DSS/GDPR compliance via automated scans, develop custom Python scripts, simulate a full incident investigation, and conclude with a deliverable final project ready for production.