Automated Defense Against Application-Layer Attacks on Windows Systems Using Wazuh and Shuffle

Keywords: Automated Security Orchestration, Log Correlation, SIEM, SOAR, Wazuh

Abstract

Application-layer attacks targeting Windows systems remain a significant threat because they bypass traditional perimeter defenses. These attacks often exploit weaknesses listed in the OWASP Top 10 for desktop applications and call for proactive defense mechanisms. This paper proposes a unified approach that combines SIEM and SOAR capabilities to detect and respond to Windows-based application-layer threats with greater efficiency and automation. The framework integrates the open-source SIEM platform Wazuh with the SOAR engine Shuffle to automate threat detection and incident response. A layered defense strategy is implemented, involving log correlation, rule-based policy enforcement, and playbook-driven response automation. The integration reduces manual triage overhead and shortens response time compared with traditional SOC workflows. The framework demonstrates a scalable, open-source solution for defending Windows environments at the application layer, and it sets the groundwork for future integration of AI-driven analytics, multi-OS support, and tamper-proof event logging using blockchain technologies.
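The detection-to-response chain the abstract describes (log correlation in Wazuh, a rule that raises a higher-level alert, a Shuffle playbook that acts on it) is shown below as an added example; it is not code from the paper or from either project. It models a Wazuh rule with frequency and timeframe attributes keyed on source IP over Windows Security logon events (4625 failed, 4624 succeeded), escalates when a success follows the threshold, and shapes the result as the JSON body Wazuh's integrator would POST to a Shuffle webhook trigger. The alert stream is constructed; rule id 100100, the playbook name and the action names are assumptions made for this example.

```python
"""Wazuh-style threshold correlation over Windows logon alerts, escalated
to a Shuffle-style webhook payload. Added example; not the paper's code."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

BASE = datetime(2025, 3, 1, 10, 0, tzinfo=timezone.utc)


def make_alert(offset_s, event_id, user, src_ip, agent="WIN-APP01"):
    """Constructed alert shaped like Wazuh's Windows eventchannel decoder
    output (data.win.system / data.win.eventdata). Field names follow that
    decoder; the values and rule id 100100 (custom-rule range) are made up."""
    ts = BASE + timedelta(seconds=offset_s)
    return {
        "timestamp": ts.isoformat(),
        "agent": {"id": "001", "name": agent},
        "rule": {"id": "100100", "level": 5, "description": "Windows logon event",
                 "groups": ["windows", "authentication"]},
        "data": {"win": {"system": {"eventID": event_id, "channel": "Security"},
                         "eventdata": {"targetUserName": user,
                                       "ipAddress": src_ip,
                                       "logonType": "3"}}},
    }


# Constructed stream: five failed logons for svc_app from 10.0.0.77 within
# 80 s, one unrelated failure, then a successful logon from the same address.
SAMPLE_ALERTS = (
    [make_alert(i * 20, "4625", "svc_app", "10.0.0.77") for i in range(5)]
    + [make_alert(95, "4625", "bob", "10.0.0.12")]
    + [make_alert(110, "4624", "svc_app", "10.0.0.77")]
)


class BruteForceCorrelator:
    """Stage 1 mirrors a Wazuh rule with frequency=N and timeframe=T seconds
    keyed on source IP; stage 2 escalates when a 4624 from the same source
    arrives within the timeframe after the threshold was hit."""

    def __init__(self, threshold=5, timeframe_s=120):
        self.threshold = threshold
        self.timeframe = timedelta(seconds=timeframe_s)
        self.failures = defaultdict(deque)  # src_ip -> timestamps of 4625s
        self.flagged = {}                   # src_ip -> time threshold was hit

    @staticmethod
    def _fields(alert):
        win = alert["data"]["win"]
        ts = datetime.fromisoformat(alert["timestamp"])
        ev = win["eventdata"]
        return ts, win["system"]["eventID"], ev["ipAddress"], ev["targetUserName"]

    def feed(self, alert):
        """Return a correlated alert dict when a rule fires, else None."""
        ts, event_id, src_ip, user = self._fields(alert)
        if event_id == "4625":
            window = self.failures[src_ip]
            window.append(ts)
            while window and ts - window[0] > self.timeframe:  # slide window
                window.popleft()
            if len(window) >= self.threshold and src_ip not in self.flagged:
                self.flagged[src_ip] = ts
                return {"rule": "win_bruteforce_threshold", "level": 10,
                        "src_ip": src_ip, "user": user, "count": len(window),
                        "agent": alert["agent"]["name"], "timestamp": ts.isoformat()}
        elif event_id == "4624" and src_ip in self.flagged:
            if ts - self.flagged[src_ip] <= self.timeframe:
                return {"rule": "win_bruteforce_success", "level": 14,
                        "src_ip": src_ip, "user": user,
                        "agent": alert["agent"]["name"], "timestamp": ts.isoformat()}
        return None


def to_shuffle_payload(correlated, min_level=12):
    """JSON body as Wazuh's integrator would POST to a Shuffle webhook trigger.
    Only alerts at or above min_level are forwarded. The playbook name and
    action list are assumptions for this example, not the paper's playbooks."""
    if correlated["level"] < min_level:
        return None
    return {
        "source": "wazuh",
        "alert": correlated,
        "playbook": "windows-auth-response",
        "actions": ["block_src_ip_on_host_firewall",
                    "disable_user_pending_review", "open_ticket"],
    }


def run_pipeline(alerts, **kw):
    """Correlate a stream; return (fired correlated alerts, payloads sent)."""
    corr = BruteForceCorrelator(**kw)
    fired, sent = [], []
    for alert in alerts:
        hit = corr.feed(alert)
        if hit:
            fired.append(hit)
            payload = to_shuffle_payload(hit)
            if payload:
                sent.append(payload)
    return fired, sent


if __name__ == "__main__":
    fired, sent = run_pipeline(SAMPLE_ALERTS)
    for f in fired:
        print(f["level"], f["rule"], f["src_ip"], f["user"])
    print(json.dumps(sent, indent=2))
```

On the sample stream the threshold rule fires at the fifth failure (level 10, below the forwarding floor) and the later success from the same address fires the level-14 escalation, which is the only alert handed to the playbook; raising the threshold to 6 or narrowing the timeframe to 50 s produces no alert at all, which is the check to run before tuning either attribute on a real rule.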


Author Biographies

Aastha Thakker

Department of Biochemistry and Forensic Science, Gujarat University, Ahmedabad, India.

Aditya More

Department of Biochemistry and Forensic Science, Gujarat University, Ahmedabad, India.

Kapil Kumar

Department of Biochemistry and Forensic Science, Gujarat University, Ahmedabad, India.

This is an open access article, licensed under CC-BY-SA

Published: 2025-06-28
How to Cite

A. Thakker, A. More, and K. Kumar, “Automated Defense Against Application-Layer Attacks on Windows Systems Using Wazuh and Shuffle”, International Journal of Education, Science, Technology, and Engineering, vol. 8, no. 1, pp. 45-57, Jun. 2025.

Section: Articles

References

S. Waelchli and Y. Walter, “Reducing the risk of social engineering attacks using SOAR measures in a real-world environment: A case study,” Computers & Security, vol. 148, p. 104137, Sep. 2024.

S.-H. Park et al., “Performance evaluation of open-source endpoint detection and response combining Google Rapid Response and Osquery for threat detection,” IEEE Access, vol. 10, pp. 20259–20269, Feb. 2022.

C. Erdivan, Process, Technology and Human Aspects of a Security Operations Center, METU/II-TR-2024, Technical Report, Informatics Institute, Middle East Technical University, Jan. 2024.

H. Javid, “Practical applications of Wazuh in on-premises environments,” Bachelor's thesis, School of Engineering, JAMK Univ. of Appl. Sci., Jyväskylä, Finland, 2024.

Jumiaty and B. Soewito, “SIEM and threat intelligence: Protecting applications with Wazuh and TheHive,” Int. J. Adv. Comput. Sci. Appl. (IJACSA), vol. 15, no. 9, pp. 239–251, Sep. 2024.

C. Bassey, E. T. Chinda, and S. Idowu, “Building a scalable security operations center: A focus on open-source tools,” J. Eng. Res. Rep., vol. 26, no. 7, pp. 196–209, 2024.

O. Abiade, “Cybersecurity automation: Streamlining incident response,” EasyChair Preprints, no. 14368, Aug. 2024.

S. Kasturi, X. Li, P. Li, and J. Pickard, “Predicting attack paths from application security vulnerabilities using a multi-layer perceptron,” Am. J. Softw. Eng. Appl., vol. 12, no. 1, pp. 23–35, May 2024.

A. H. Washo, “An interdisciplinary view of social engineering: A call to action for research,” Comput. Hum. Behav. Rep., vol. 4, p. 100126, 2021.

S. Stanković, S. Gajin, and R. Petrović, “A review of Wazuh tool capabilities for detecting attacks based on log analysis,” in IX Int. Conf. IcETRAN, Jun. 2022, pp. 6–9.

Wazuh, “Installing the Wazuh central components.” [Online]. Available: https://documentation.wazuh.com/current/installation-guide/index.html. [Accessed: Feb. 2025].

M. Sheeraz et al., “Effective security monitoring using efficient SIEM architecture,” Hum.-Centric Comput. Inf. Sci., vol. 13, p. 17, 2023.

OWASP, “OWASP Top 10,” 2021. [Online]. Available: https://owasp.org/www-project-desktop-app-security-top-10/. [Accessed: Jan. 2025].

ReversingLabs, “How to evaluate threat intelligence feeds.” [Online]. Available: https://www.reversinglabs.com/resources/how-to-evaluate-threat-intelligence-feeds

NIST, “Framework for improving critical infrastructure cybersecurity.” [Online]. Available: https://www.nist.gov/cyberframework. [Accessed: Feb. 2025].

MITRE, “MITRE ATT&CK.” [Online]. Available: https://attack.mitre.org/. [Accessed: Jan. 2025].

A. Georgiadou, S. Mouzakitis, and D. Askounis, “Assessing MITRE ATT&CK risk using a cybersecurity culture framework,” Sensors, vol. 21, no. 9, 2021.

D. S. Mary, L. J. S. Dhas, A. R. Deepa, M. A. Chaurasia, and C. J. J. Sheela, “Network intrusion detection: An optimized deep learning approach using big data analytics,” Expert Syst. Appl., vol. 243, 2024.

G. González-Granadillo, S. González-Zarzosa, and R. Diaz, “Security information and event management (SIEM): Analysis, trends, and usage in critical infrastructures,” Sensors, vol. 21, no. 14, p. 4759, Jul. 2021.

S. A. Utari, V. Ardia, Jamiati, and D. Fitria, “How an organization should implement risk communication in response to cyber attack in Indonesia,” J. Educ., vol. 5, no. 4, pp. 14314–14328, 2023.