CR-2026-02-26: Wazuh SIEM Network Integration

Change Summary

CR ID     CR-2026-02-26-001
Date      2026-02-26
Priority  P1
Type      SIEM Integration
Status    In Progress

Objective

Integrate all network infrastructure with Wazuh SIEM for centralized security monitoring, compliance logging, and incident response.

Scope

Network Infrastructure (Syslog)

Device      Type           IP          Status
pfSense-01  Firewall       10.50.1.1   SENDING
ISE-01      NAC            10.50.1.20  PENDING
9800-WLC    Wireless       10.50.1.40  PENDING
C9300-01    Core Switch    10.50.1.11  PENDING
3560CX-01   Access Switch  10.50.1.10  PENDING
bind-01     DNS            10.50.1.90  PENDING

Servers (Wazuh Agent)

  • vault-01, kvm-01, ipa-01, keycloak-01, k3s-master-01, home-dc01, nas-01

Workstations (Wazuh Agent)

  • modestus-razer, modestus-aw, modestus-p50

Key Blocker Identified

Archives not indexing in OpenSearch

Data reaches /var/ossec/logs/archives/archives.log but is NOT being indexed. No wazuh-archives-4.x-2026.02.26 indices exist.
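One way to confirm the blocker from the archive side, as an added example that is not part of the original change request: it counts archived events per in-scope syslog device and lists the daily wazuh-archives-4.x-* indices that the archive implies but the index listing lacks. The archives.log line layout, the manager hostname wazuh-01, the sample lines and the sample index names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Syslog sources and IPs taken from the Scope table of this change request.
DEVICES = {
    "10.50.1.1": "pfSense-01", "10.50.1.20": "ISE-01", "10.50.1.40": "9800-WLC",
    "10.50.1.11": "C9300-01", "10.50.1.10": "3560CX-01", "10.50.1.90": "bind-01",
}

# Assumed archives.log layout: "YYYY Mon DD HH:MM:SS [(agent) ]host->location message"
LINE_RE = re.compile(
    r"^(\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) (?:\(\S+\) )?\S+->(\S+) "
)

def summarize(lines):
    """Return (events per in-scope device, daily index names the archive implies)."""
    per_device, expected = Counter(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation line or unknown layout
        ts = datetime.strptime(m.group(1), "%Y %b %d %H:%M:%S")
        expected.add(ts.strftime("wazuh-archives-4.x-%Y.%m.%d"))
        name = DEVICES.get(m.group(2))  # for remote syslog, location is the sender IP
        if name:
            per_device[name] += 1
    return per_device, expected

def missing_indices(expected, existing):
    """Daily archive indices that should exist but are absent from the listing."""
    return sorted(set(expected) - set(existing))

# Constructed sample input: three archive lines and an index listing without archives.
SAMPLE_LINES = [
    "2026 Feb 26 10:15:32 wazuh-01->10.50.1.1 filterlog[41211]: constructed firewall event",
    "2026 Feb 26 10:15:40 wazuh-01->10.50.1.1 filterlog[41211]: constructed firewall event",
    "2026 Feb 26 10:16:02 (vault-01) any->/var/log/secure constructed agent event",
]
SAMPLE_INDICES = ["wazuh-alerts-4.x-2026.02.26", "wazuh-monitoring-2026.9w"]

if __name__ == "__main__":
    counts, expected = summarize(SAMPLE_LINES)
    for ip, name in DEVICES.items():
        print(f"{name:<11} {ip:<11} archived events: {counts.get(name, 0)}")
    print("missing indices:", missing_indices(expected, SAMPLE_INDICES))
```

To run it against the live system, feed it the lines of /var/ossec/logs/archives/archives.log and the index names returned by the indexer in place of the constructed samples.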