WazuhForge — Decoder & Rule Generator

🛡️

WazuhForge

Decoder & Rule Generator

AI-POWERED

ANTHROPIC KEY

📋

Raw Log Input

Paste your log sample

Paste a representative log line. The AI will analyze its structure and generate appropriate decoder + rules.

Quick Examples

SSH Failed Login

Nginx Access

Windows Event

Palo Alto FW

Custom App

⚙️

Generation Options

Decoder Settings

DECODER NAME PREFIX

RULE ID START

RULE LEVEL (1-15)

ADDITIONAL CONTEXT (optional)

Generated Decoder XML

Waiting for input

XML — local_decoder.xml

// Generate a decoder from your log above to see the XML output here.

📁 Deploy to: /var/ossec/etc/decoders/local_decoder.xml

Generated Rules XML

Waiting for input

XML — local_rules.xml

// Rules will appear here after generation.

📁 Deploy to: /var/ossec/etc/rules/local_rules.xml

AI Explanation

Explanation will appear here after generation.

✅

Validation & Testing

💡 Test whether your log will be matched by the generated decoder and rules. Enter a test log line (can be the same or similar) and run validation.

Test Log Line

🚀

Deployment Guide

1 — SAVE DECODER

Copy decoder XML to /var/ossec/etc/decoders/local_decoder.xml

2 — SAVE RULES

Copy rules XML to /var/ossec/etc/rules/local_rules.xml

3 — TEST SYNTAX

/var/ossec/bin/wazuh-logtest

4 — RESTART WAZUH

systemctl restart wazuh-manager