Implementation of a Wazuh-Based SIEM Prototype on a Website with FIM and Threat Hunting Testing
Abstract
This study implements a Wazuh-based Security Information and Event Management (SIEM) prototype to strengthen security monitoring for a web application. The architecture uses two VPS instances: a web server that acts as the log source and runs a Wazuh Agent, and a monitoring server that runs the Wazuh Manager and Dashboard for event analysis and visualization. The evaluation combines threat hunting with File Integrity Monitoring (FIM) across several test scenarios: OWASP ZAP scanning, XSS, SQL injection (login-form testing and automated sqlmap attacks), and SSH brute force using hydra. The results show that Wazuh detects XSS via rule 31105 (level 6) and sqlmap-based SQL injection via rule 31106 (level 6), because the attack patterns are recorded clearly in the web access logs. SSH brute force is clearly detected by rule 5763 (level 10), which fires on repeated failed login attempts. FIM records file changes such as added and modified files (e.g., rules 554/550), but it can generate noise when monitoring dynamic directories. The SQL injection attempt through the login form does not produce a specific SQL injection alert, which points to limitations in log visibility and format and to the need for decoder and ruleset tuning. Overall, Wazuh is effective for log-based security monitoring, while detection quality depends on log completeness, rule configuration, and FIM scope.
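As an added illustration that is not part of the paper, the Python sketch below mimics why an access-log-based web rule can only evaluate the request line: a GET request carrying the payload in the URI triggers the simplified stand-ins for rules 31105/31106, while the login-form POST yields no alert because its body is never written to the access log. The regexes, log lines and addresses are constructed for this example and are not Wazuh's actual ruleset.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format access-log lines (not from the paper's servers).
# Line 3 is a login-form POST: the credentials (and any injected SQL) travel in the
# request body, which the access log never records, so only "/login.php" is visible.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /search.php?q=<script>alert(1)</script> HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "GET /item.php?id=1%27%20AND%201=1%20UNION%20SELECT%20NULL-- HTTP/1.1" 200 734 "-" "sqlmap/1.7"
203.0.113.5 - - [10/Jan/2025:10:00:03 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Minimal decoder for the fields a web-attack rule would inspect.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Simplified stand-ins for the web-attack rules the abstract names. These regexes are
# illustrative and are NOT Wazuh's ruleset; only the rule IDs and levels follow the text.
SIGNATURES = [
    (31105, 6, "XSS attempt", re.compile(r"<script|javascript:|onerror=", re.I)),
    (31106, 6, "SQL injection attempt",
     re.compile(r"union\s+select|'\s*(and|or)\s+\d+=\d+", re.I)),
]

def analyze(log_text):
    """Return one alert per log line whose request URI matches a signature."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # The request line is the only place a payload can surface in an access log,
        # so it is all the rule can evaluate; decode %xx escapes before matching.
        decoded_uri = unquote(m["uri"])
        for rule_id, level, description, pattern in SIGNATURES:
            if pattern.search(decoded_uri):
                alerts.append({"rule": rule_id, "level": level, "description": description,
                               "src": m["src"], "method": m["method"], "uri": m["uri"]})
                break  # first matching rule wins, as a single-alert-per-event engine would
    return alerts

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"rule {a['rule']} (level {a['level']}): {a['description']} "
              f"from {a['src']} {a['method']} {a['uri']}")
```

Running it yields exactly two alerts, both for GET requests; the POST to /login.php is invisible to the rule, which is the log-visibility gap the abstract describes and the reason body-level inspection (e.g. an application or WAF log) or decoder tuning is needed to catch it.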
Article Details

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.