Guilgo Blog
Notes from my daily work with technology.
Auditing Kubernetes with Wazuh: API server audit logs to the SIEM step by step
Webhook, audit policy and rules to send Kubernetes audit logs to Wazuh and alert on resource create/delete
Step-by-step guide to audit Kubernetes with Wazuh: API server audit logs to the SIEM, webhook listener, audit policy and rules in local_rules.xml. Kubernetes security monitoring.
Posted by David Guillermo on Thursday, February 26, 2026
Sysadmin, self-taught by curiosity.