Is the training Qualiopi certified?

Yes, Learni is a Qualiopi-certified training organization. This certification guarantees the quality of our courses and enables funding through OPCO and other mechanisms.

How can I fund my training?

Our courses are eligible for OPCO funding. Learni supports you through the funding process. A personalized quote is available upon request.

What are the prerequisites for this training?

The prerequisites for the Wazuh Training - Master the Powerful Open-Source SIEM training are: Linux proficiency, cybersecurity basics, Bash or Python scripting.. A preliminary interview validates your eligibility.

Is the training available in person?

Yes, the Wazuh Training - Master the Powerful Open-Source SIEM training is available in remote. The format can be adapted to your needs (inter, intra, custom).

Wazuh Training - Master the Powerful Open-Source... | Learni

The story of Learni

Founded by passionate advocates of learning and innovation, Learni set out to make professional training accessible to everyone, everywhere in the world. Our team works in the largest cities such as Paris, Lyon, Marseille, and internationally, to support talents and organizations in their skills development.

Configure your training

Response within 24hNo commitment100% free

9 spots remaining for the next session

FormatParticipantsDateDetails

Which format do you prefer?

Methods, approaches, and teaching resources

The Wazuh Training - Master the Powerful Open-Source SIEM training is delivered in-person or remotely (blended-learning, e-learning, virtual classroom, remote in-person). At Learni, a Qualiopi-certified training organization, each program is designed to maximize skills acquisition, regardless of the training mode chosen.

The trainer alternates between demonstrative, interrogative, and active methods (through practical exercises and/or real-world scenarios). This pedagogical approach ensures concrete and directly applicable learning in the workplace.

Teaching resources provided

To ensure the quality of the Wazuh Training - Master the Powerful Open-Source SIEM training, Learni provides the following teaching resources:

Mac or PC computers, high-speed fiber internet, whiteboard or flipchart, video projector or interactive touchscreen (for remote sessions)
Training environments installed on workstations or accessible online
Course materials, practical exercises, and supplementary resources
Post-training access to materials and teaching resources

For in-house training at a location external to Learni, the client ensures and commits to having all necessary teaching materials (IT equipment, internet connection...) for the proper conduct of the training action in accordance with the prerequisites indicated in the communicated training program.

* contact us for remote feasibility** ratio varies depending on the training followed

Assessment methods

The assessment of skills acquired during the Wazuh Training - Master the Powerful Open-Source SIEM training is carried out through:

During training: case studies, practical exercises, and professional scenarios
At the end of training: self-assessment questionnaire and skills evaluation by the trainer
After training: training completion certificate detailing acquired skills

Training accessibility

Learni is committed to the accessibility of its professional training programs. All our training programs are accessible to people with disabilities. Our teams are available to adapt teaching methods to your specific needs. Do not hesitate to contact us for any accommodation request.

Training access terms and deadlines

Training objectives

Configure and deploy a Wazuh server in cluster mode

Install and manage Wazuh agents on servers and endpoints

Create custom detection rules for advanced threats

Analyze logs and alerts via the Kibana interface

Integrate Wazuh with tools like ELK Stack or Threat Intel

Automate active responses to incidents

Optimize performance and scalability of the deployment

Training program

Module 1Wazuh Installation: Server and Agent Deployment (Docker, Ansible Tools)

Dive into the quick installation of a Wazuh server via Docker and Ansible, configure agents on Linux/Windows, test real-time connection with practical exercises on virtual labs, generate your first event logs, and validate proper functioning with automated checks, all for an operational start in the blink of an eye.

Module 2Rules and Decoding: Custom Detection (YAML Rules, FIM)

Create custom YAML rules to detect intrusions and malware, implement File Integrity Monitoring on critical files, analyze real breach cases like Log4Shell, test live with attack simulations, produce actionable alert reports, and fine-tune your decoders for surgical precision.

Module 3Advanced Analysis: Kibana Dashboards and Alerts (Vulnerascan, SCA)

Explore the Kibana interface to visualize alerts and metrics, configure custom dashboards for vulnerabilities and SCA compliance, analyze massive log flows with automated correlations, resolve real incident cases via proactive hunts, export audit-ready deliverables, and master queries to track zero-day threats.

Module 4Integrations and Optimization: Active Response, Scalability (API, Clusters)

Integrate Wazuh with ELK, OSSEC or Threat Intel feeds via REST API, activate automated responses like IP blocks, deploy in high-availability cluster, optimize for 10k+ agents with performance tuning, simulate extreme loads on labs, produce an enterprise rollout plan, and leave with a ready-to-scale POC.