creamson2/Wazuh-SIEM-Log-Ingestion-Detection-Pipeline

GitHub: creamson2/Wazuh-SIEM-Log-Ingestion-Detection-Pipeline

Stars: 0 | Forks: 0

# Wazuh-SIEM-Log-Ingestion-Detection-Pipeline

A visual walkthrough of how Sysmon logs flow through the Wazuh SIEM pipeline—from endpoint collection to rule matching, indexing, alerting, and investigation. Demonstrates my ability as a Security Analyst to understand log ingestion, detection logic, and alert workflows.

## Why I Made This

I created this visual to clearly show how Sysmon telemetry moves through the Wazuh SIEM pipeline—from collection on the endpoint to alert investigation in the dashboard. This demonstrates my understanding of log ingestion, detection logic, and how each Wazuh component contributes to the overall security workflow.

## How I Created It

I mapped out the full event flow manually using ASCII formatting, then rendered it as a terminal-style screenshot to make it look authentic and aligned with how I actually work in my lab. This approach keeps the visual simple, believable, and easy to reference directly inside the README.

![Wazuh SIEM Pipeline (Terminal View)](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/442707d61b164315.png)
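To make the decode, rule-matching and alerting stages of that flow concrete, below is an added Python example that is not part of this repository's own content. It models the pipeline in miniature: it decodes a few constructed Sysmon-style JSON lines of the shape the Wazuh agent forwards, walks a small parent/child rule tree the way Wazuh's `<if_sid>` does, and keeps only matches at or above the default `log_alert_level` of 3. The event layout (`win.system`, `win.eventdata`, camelCase keys), the rule ids 100001-100003, the hostnames and every sample value are assumptions made for the example; the indexing and dashboard stages are represented only by the alert records the function returns.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# --- Stage 1: collection ---------------------------------------------------
# Constructed sample of what the Wazuh agent forwards from the
# Microsoft-Windows-Sysmon/Operational channel. The nested win.system /
# win.eventdata layout and camelCase keys are an ASSUMPTION modelled on
# Wazuh's eventchannel JSON, not captured from a real agent.
RAW_LINES = [
    json.dumps({"win": {"system": {"eventID": "1", "computer": "WS01"},
                        "eventdata": {"image": "C:\\Windows\\explorer.exe",
                                      "commandLine": "explorer.exe",
                                      "user": "LAB\\alice"}}}),
    json.dumps({"win": {"system": {"eventID": "1", "computer": "WS01"},
                        "eventdata": {"image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                                      "commandLine": "powershell.exe -NoP -w hidden -EncodedCommand Zm9v",
                                      "user": "LAB\\alice"}}}),
    json.dumps({"win": {"system": {"eventID": "3", "computer": "WS01"},
                        "eventdata": {"image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
                                      "destinationPort": "443"}}}),
    "not json at all",  # malformed line: the decoder must drop it, not crash
]


# --- Stage 2: decoding -----------------------------------------------------
def decode(line: str) -> Optional[dict]:
    """Parse one forwarded line into flat 'a.b.c' -> value fields.
    Returns None for lines that are not JSON (Wazuh logs a decoder failure)."""
    try:
        obj = json.loads(line)
    except json.JSONDecodeError:
        return None
    flat = {}

    def walk(prefix, node):
        for key, value in node.items():
            name = f"{prefix}.{key}" if prefix else key
            if isinstance(value, dict):
                walk(name, value)
            else:
                flat[name] = str(value)

    walk("", obj)
    return flat


# --- Stage 3: rule matching ------------------------------------------------
@dataclass
class Rule:
    id: int
    level: int
    description: str
    match: dict                 # field -> regex; every entry must match
    if_sid: Optional[int] = None  # parent rule id, mirrors Wazuh's <if_sid>


# Hypothetical custom rules (ids in the 100000+ range reserved for local rules).
RULES = [
    Rule(100001, 3, "Sysmon - Event 1: process creation",
         {"win.system.eventID": r"^1$"}),
    Rule(100002, 10, "PowerShell launched with an encoded command",
         {"win.eventdata.image": r"(?i)powershell\.exe$",
          "win.eventdata.commandLine": r"(?i)\s-e(nc|ncodedcommand)\b"},
         if_sid=100001),
    Rule(100003, 3, "Sysmon - Event 3: network connection",
         {"win.system.eventID": r"^3$"}),
]


def match_rules(event: dict, rules=RULES) -> Optional[Rule]:
    """Walk the rule list in order; a child rule is only tried once its
    parent (if_sid) is the current match. The most specific match wins."""
    matched = None
    for rule in rules:
        if rule.if_sid is not None and (matched is None or matched.id != rule.if_sid):
            continue
        if all(re.search(rx, event.get(f, "")) for f, rx in rule.match.items()):
            matched = rule
    return matched


# --- Stage 4: alerting -----------------------------------------------------
LOG_ALERT_LEVEL = 3  # Wazuh's default <log_alert_level> in ossec.conf


def run_pipeline(lines, threshold: int = LOG_ALERT_LEVEL):
    """Return (alerts, dropped): alert records that would be indexed and
    shown in the dashboard, and the count of undecodable lines."""
    alerts, dropped = [], 0
    for line in lines:
        event = decode(line)
        if event is None:
            dropped += 1
            continue
        rule = match_rules(event)
        if rule is None or rule.level < threshold:
            continue
        alerts.append({"rule_id": rule.id, "level": rule.level,
                       "description": rule.description,
                       "agent": event.get("win.system.computer"),
                       "event_id": event.get("win.system.eventID")})
    return alerts, dropped


if __name__ == "__main__":
    found, bad = run_pipeline(RAW_LINES)
    for alert in found:
        print(alert)
    print(f"dropped {bad} undecodable line(s)")
```

Run as-is, the second sample line climbs from the generic level-3 process-creation rule to the level-10 child rule, which is the match that would drive triage in the dashboard; raising `threshold` to 4 filters out the two baseline rules and leaves only that alert.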