Integration of Wazuh and Suricata with Telegram for Enhanced Threat Detection and Multiple Attack Notifications
by Mohd Faizal Abdollah, Noor Syahirah Abdullah, Nurhashikin Mohd Salleh, Siti Rahayu Selamat
Published: December 11, 2025 • DOI: 10.47772/IJRISS.2025.91100378
Abstract
The rise of internet-connected devices has led to an increase in attacks on users, compromising their information exchange and exposing sensitive data. Modern cyber threats are becoming increasingly sophisticated and severe, exploiting security vulnerabilities in interconnected systems. With this growing complexity, effective threat detection systems are essential for maintaining network security. To improve the detection of various attack types and provide real-time warnings via Telegram, this project integrates Wazuh, a security information and event management (SIEM) platform, with Suricata, a network intrusion detection and prevention system (IDS/IPS). By offering a complete solution for log management and multi-attack detection, the integration seeks to strengthen an organization's overall security posture. From system analysis and design through implementation and testing, the process follows the Software Development Life Cycle (SDLC). To evaluate the effectiveness of the integrated system, several attack simulations were carried out: DoS attacks (ICMP ping flood and SYN flood), FTP brute-force attacks, and port scanning. The system detected all of these attacks. This study highlights the strengths and limitations of integrating Wazuh with Suricata, providing insights for future research aimed at developing more robust intrusion detection systems.
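The pipeline the abstract describes (Suricata alerts, aggregated and forwarded by Wazuh, delivered as Telegram messages) can be illustrated with the following added example. It is not code from the paper or from the Wazuh or Suricata projects. It assumes Suricata's standard EVE JSON output (one `event_type: "alert"` object per line with `src_ip`, `dest_ip` and `alert.signature` fields), constructed sample lines whose signature texts are made up, a hypothetical hand-off in which the script receives those lines from a Wazuh integration, and the Telegram Bot API `sendMessage` method (real endpoint; the token and chat ID are placeholders). It classifies alerts into the four attack classes the paper simulated, aggregates per source so a SYN flood does not become thousands of Telegram messages, and only builds the payload; nothing is sent unless `send_telegram` is called explicitly.

```python
"""Classify Suricata EVE alerts and build a Telegram notification.

Added example, not the paper's code. Assumptions: Suricata EVE JSON
input, a Wazuh integration that hands the lines to this script
(hypothetical), and the real Telegram Bot API sendMessage method.
"""
import json
from collections import Counter
from urllib import parse, request

# Real Telegram Bot API endpoint; TOKEN below is a placeholder.
TELEGRAM_API = "https://api.telegram.org/bot{token}/sendMessage"

# Constructed Suricata EVE JSON sample (one object per line, as eve.json is
# written). Signature strings are invented; real ones come from the ruleset.
# Includes a non-alert "flow" event and a malformed line to show robustness.
SAMPLE_EVE = """\
{"timestamp":"2025-01-10T10:00:01.000000+0000","event_type":"alert","src_ip":"192.168.56.20","dest_ip":"192.168.56.10","proto":"ICMP","alert":{"signature":"LOCAL ICMP ping flood","category":"Attempted Denial of Service","severity":2}}
{"timestamp":"2025-01-10T10:00:01.100000+0000","event_type":"alert","src_ip":"192.168.56.20","dest_ip":"192.168.56.10","proto":"ICMP","alert":{"signature":"LOCAL ICMP ping flood","category":"Attempted Denial of Service","severity":2}}
{"timestamp":"2025-01-10T10:00:02.000000+0000","event_type":"flow","src_ip":"192.168.56.20","dest_ip":"192.168.56.10","proto":"TCP"}
{"timestamp":"2025-01-10T10:00:03.000000+0000","event_type":"alert","src_ip":"192.168.56.20","dest_ip":"192.168.56.10","dest_port":80,"proto":"TCP","alert":{"signature":"LOCAL TCP SYN flood","category":"Attempted Denial of Service","severity":2}}
{"timestamp":"2025-01-10T10:00:04.000000+0000","event_type":"alert","src_ip":"192.168.56.21","dest_ip":"192.168.56.10","dest_port":21,"proto":"TCP","alert":{"signature":"LOCAL FTP brute force login attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2025-01-10T10:00:05.000000+0000","event_type":"alert","src_ip":"192.168.56.22","dest_ip":"192.168.56.10","dest_port":443,"proto":"TCP","alert":{"signature":"LOCAL port scan detected","category":"Attempted Information Leak","severity":2}}
this line is not JSON and must be skipped
"""


def classify(signature: str) -> str:
    """Map a Suricata signature text onto the attack classes the paper tested."""
    s = signature.lower()
    if "syn flood" in s:
        return "DoS (SYN flood)"
    if "icmp" in s and ("flood" in s or "ping" in s):
        return "DoS (ICMP ping flood)"
    if "ftp" in s and "brute" in s:
        return "FTP brute force"
    if "scan" in s:
        return "Port scan"
    return "Other"


def parse_eve(text: str) -> list:
    """Return only alert events; skip other EVE event types and malformed lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts


def summarize(alerts: list) -> Counter:
    """Count alerts per (src_ip, dest_ip, attack class) so floods collapse to one line."""
    counts = Counter()
    for event in alerts:
        signature = event.get("alert", {}).get("signature", "")
        key = (event.get("src_ip", "?"), event.get("dest_ip", "?"), classify(signature))
        counts[key] += 1
    return counts


def build_message(counts: Counter, min_count: int = 1) -> str:
    """Render the summary as plain text; min_count suppresses one-off noise."""
    lines = ["Wazuh/Suricata alert summary"]
    for (src, dst, kind), n in sorted(counts.items()):
        if n >= min_count:
            lines.append(f"{kind}: {src} -> {dst} ({n} alert(s))")
    return "\n".join(lines)


def build_payload(chat_id: str, text: str) -> dict:
    """Form parameters for the Telegram sendMessage method."""
    return {"chat_id": chat_id, "text": text}


def send_telegram(token: str, payload: dict, timeout: int = 10) -> dict:
    """POST the payload to the Bot API. Network call; not invoked by default."""
    data = parse.urlencode(payload).encode()
    req = request.Request(TELEGRAM_API.format(token=token), data=data)
    with request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    counts = summarize(parse_eve(SAMPLE_EVE))
    payload = build_payload("<CHAT_ID>", build_message(counts))
    print(payload["text"])  # send_telegram("<BOT_TOKEN>", payload) would deliver it
```

Two practitioner caveats the abstract does not cover: keep the bot token out of the script (read it from a file Wazuh's integration user can access and nobody else can), and treat the per-source aggregation as essential rather than cosmetic, since a SYN flood or port scan produces one Suricata alert per packet and an unaggregated forwarder will rate-limit itself out of the Telegram API.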