Experimental Evaluation of Wazuh-Grafana Integration for Real-Time Cyber Threat Detection in Resource-Constrained Environments
DOI: https://doi.org/10.30871/jaic.v9i5.10404
Keywords: Brute-force attack, Cyber threat detection, Grafana, Real-time SIEM, Wazuh
Abstract
This research evaluates the performance of integrating Wazuh, an open-source Security Information and Event Management (SIEM) platform, with Grafana, a real-time visualization tool, for cyber threat detection in resource-constrained environments. The objective is to assess detection accuracy, false positive rates, response times, and system efficiency under controlled experimental conditions. The testbed consisted of two virtual private servers (4 vCPUs, 4–8 GB RAM, 38–50 GB storage) and employed the CIC-IDS2017 dataset as a benchmark for simulating three representative attacks: brute-force, malware injection, and webshell exploitation. The results showed that the integrated system achieved 100% detection accuracy with 0% false positives across 30 trials, with an average total detection time of 3033 ms. Resource utilization remained low, with CPU usage below 35% and memory consumption under 25%, confirming feasibility for mid-range servers typical of small institutions. While these results underscore the system’s efficiency, the findings must be interpreted within the limitations of a laboratory environment where predefined signatures were used. Performance in real-world networks with diverse traffic and unknown threats may differ, and further validation is required. This study makes two key contributions: (1) it provides the first structured quantitative benchmark of Wazuh-Grafana integration in constrained environments using a standardized dataset, and (2) it offers practical recommendations for small and medium-sized institutions, including minimum system requirements and guidelines for dashboard configuration. These findings reinforce the role of open-source solutions as affordable, adaptive, and effective alternatives to commercial SIEM systems, particularly for organizations with limited cybersecurity budgets.
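The abstract reports three of the metrics the study measures (detection accuracy, false-positive rate and detection latency) for a threshold-based brute-force signature. The following is an added example, not code from the paper or from Wazuh: it models the shape of Wazuh's frequency-based sshd brute-force rule in Python (a sliding window of failed logins per source IP; Wazuh itself expresses this in XML decoders and rules, and the threshold values 8 failures in 120 s with a 60 s ignore period are assumptions here, so check them against the shipped ruleset) and then scores a batch of constructed attack and benign trials the way the paper's 30-trial evaluation is described. All log lines are constructed; the latency computed is rule latency from the first attack event to the alert, not the end-to-end agent-to-Grafana time the paper reports.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style failed-login lines with ISO timestamps (not the
# paper's testbed data; real syslog uses "Jan 10 10:00:00" timestamps).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(line):
    """Decode one line into {ts, user, src}; return None for non-matching lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"], "src": m["src"]}


def detect(lines, frequency=8, timeframe=120, ignore=60):
    """Sliding-window frequency rule: alert when `frequency` failures from one
    source fall within `timeframe` seconds; suppress repeats for `ignore` seconds.
    Threshold defaults are assumptions modelled on Wazuh's sshd brute-force rule.
    Returns a list of (alert_time, src_ip)."""
    window = defaultdict(list)   # src -> timestamps of failures still inside the window
    suppressed = {}              # src -> time until which further alerts are ignored
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        recent = [t for t in window[src] if ts - t <= timedelta(seconds=timeframe)]
        recent.append(ts)
        window[src] = recent
        if len(recent) >= frequency:
            if src in suppressed and ts < suppressed[src]:
                continue                      # inside the ignore period: no duplicate alert
            alerts.append((ts, src))
            suppressed[src] = ts + timedelta(seconds=ignore)
            window[src] = []                  # count afresh after an alert
    return alerts


def evaluate(trials, frequency=8, timeframe=120):
    """Score trials as the paper describes: a trial is 'detected' if any alert
    fires. Accuracy = (TP+TN)/N, FPR = FP/(FP+TN), latency = first alert minus
    first attack event, averaged over detected attack trials."""
    tp = fp = tn = fn = 0
    latencies = []
    for t in trials:
        alerts = detect(t["lines"], frequency, timeframe)
        fired = bool(alerts)
        if t["attack"]:
            if fired:
                tp += 1
                latencies.append((alerts[0][0] - t["attack_start"]).total_seconds())
            else:
                fn += 1
        elif fired:
            fp += 1
        else:
            tn += 1
    n = tp + fp + tn + fn
    return {
        "accuracy": (tp + tn) / n,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        "mean_detection_latency_s": sum(latencies) / len(latencies) if latencies else None,
        "tp": tp, "fp": fp, "tn": tn, "fn": fn,
    }


def make_trial(name, attack, start):
    """Constructed trial: an attack is 12 failures from one source in ~30 s;
    a benign trial is 3 scattered failures (a user mistyping) over 6 minutes."""
    lines = []
    if attack:
        for i in range(12):
            ts = start + timedelta(seconds=2.5 * i)
            lines.append(f"{ts.isoformat()} sshd[1201]: Failed password for invalid user "
                         f"admin from 203.0.113.7 port {40000 + i} ssh2")
    else:
        for i in range(3):
            ts = start + timedelta(minutes=3 * i)
            lines.append(f"{ts.isoformat()} sshd[1305]: Failed password for alice "
                         f"from 198.51.100.20 port 51234 ssh2")
    return {"name": name, "attack": attack, "attack_start": start if attack else None, "lines": lines}


BASE = datetime(2025, 1, 10, 10, 0, 0)
TRIALS = [make_trial(f"attack-{i}", True, BASE + timedelta(hours=i)) for i in range(5)] + \
         [make_trial(f"benign-{i}", False, BASE + timedelta(hours=10 + i)) for i in range(5)]

if __name__ == "__main__":
    print(evaluate(TRIALS))
```

The benign trial is the case that matters for the 0% false-positive figure: three failures spread over minutes never accumulate eight inside the 120 s window, so the rule stays silent. Lowering `frequency` or widening `timeframe` to catch slower attacks is exactly the trade-off that would start turning such trials into false positives on a real network, which is why the abstract's caveat about predefined signatures in a laboratory setting applies.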
License
Copyright (c) 2025 Achmad Sutanto, Arif Rakhman

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license that allows others to share the work with an acknowledgement of its authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).