Incident Analysis: SSH Brute-Force Attack Detected by Wazuh
This lab was designed to simulate a real credential-based attack and observe how a host-based SIEM behaves during high-volume abuse. Instead of focusing on dashboards, I treated this like an actual SOC incident: attack happens first, investigation co...
abishekvengeri.hashnode.dev, 3 min read