mariskarthick

Automated Wazuh Rule Deployment Pipeline with GitHub, XML Validation & Telegram Alerts

🚀 Say Goodbye to Manual Rule Deployments in Wazuh!

Just Commit — Let Your Pipeline Auto‑Deploy via GitHub + n8n 🎯

👨‍💻 Tired of This Endless Cycle?

Create rule → Validate → Copy to server → Restart Wazuh → Notify team

Repeat that every week — you're spending more time deploying than detecting.

What if one GitHub commit could do it all automatically?
✅ Validate
✅ Deploy
✅ Restart
✅ Notify
— without touching the server.

Well, this workflow does just that.

🔥 Presenting:
⚡️ Git‑Powered Wazuh Rule Deployment Using n8n


🧠 What This Workflow Does in 10 Seconds — Automatically:

✅ Watches GitHub commits — activates only if the message contains #deploy-wazuh

✅ Checks if commit author is allowed

✅ Sends contextual SOC notifications about deployment attempt

🧪 Downloads & validates rule XML using xmllint

📦 Uploads to Wazuh Manager node only if validation succeeds

♻️ Restarts Wazuh Manager and verifies loading

📢 Sends alert to your team on Telegram (or other medium) with result: success/failure & reasons
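
The gate those steps describe (tag check, author allow-list, XML validation before upload), as an added example that is not the workflow author's code. It uses Python's XML parser in place of xmllint and goes beyond well-formedness with duplicate-id, id-range and level checks; the allow-list, sample rules and function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

DEPLOY_TAG = "#deploy-wazuh"         # trigger tag named on the page
ALLOWED_AUTHORS = {"mariskarthick"}  # assumption: constructed allow-list

def validate_rules(xml_text):
    """Return a list of problems; an empty list means the file may deploy."""
    # Wazuh rule files may hold several top-level <group> elements, so drop
    # any XML declaration and wrap the content in a synthetic root to parse it.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    try:
        root = ET.fromstring(f"<rules_file>{body}</rules_file>")
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    problems, seen = [], set()
    for rule in root.iter("rule"):
        rid, level = rule.get("id", ""), rule.get("level", "")
        if not rid.isdecimal():
            problems.append(f"rule with non-numeric id {rid!r}")
            continue
        if rid in seen:
            problems.append(f"duplicate rule id {rid}")
        seen.add(rid)
        # Wazuh reserves 100000-120000 for custom rules; overwrites of stock
        # rules legitimately reuse a lower id.
        if rule.get("overwrite") != "yes" and not 100000 <= int(rid) <= 120000:
            problems.append(f"rule {rid}: id outside 100000-120000")
        if not (level.isdecimal() and int(level) <= 16):
            problems.append(f"rule {rid}: level {level!r} not in 0-16")
    if not seen and not problems:
        problems.append("no <rule> elements found")
    return problems

def gate(commit_message, pusher, xml_text):
    """Return (decision, reasons) for one commit: skip, reject or deploy."""
    if DEPLOY_TAG not in commit_message:
        return "skip", []
    # The git author field is self-asserted; pass the authenticated pusher.
    if pusher.lower() not in ALLOWED_AUTHORS:
        return "reject", [f"{pusher!r} is not on the allow-list"]
    problems = validate_rules(xml_text)
    return ("reject", problems) if problems else ("deploy", [])

# Constructed sample rule files (two top-level groups, as Wazuh allows)
GOOD = """<group name="custom,"><rule id="100100" level="10">
  <match>evil.exe</match><description>Constructed sample</description></rule>
</group><group name="custom2,"><rule id="100101" level="3">
  <if_sid>100100</if_sid><description>Second group</description></rule></group>"""
BAD = GOOD.replace('id="100101" level="3"', 'id="100100" level="42"')
```

The reasons list returned on a reject is what would go into the failure notification.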


🧠 Why Detection Engineers Will Love This:

⏱️ Saves hours weekly — Just commit & chill

🕒 Zero‑delay deployments — Go live instantly

🧪 Stop bad rules before they crash your SIEM

🔁 Rapid iteration — build, commit, done

🧘 No babysitting — Pipeline handles everything

📊 Informative alerts like:
"Rule custom_malware_alert.xml deployed by Mariskarthick – Validation ✅ – Restart 🔁 Completed"


📌 Perfect For:

🛡️ Detection Engineers deploying rules weekly

🏢 MSSPs with multiple Wazuh environments

🚨 Threat Intel teams needing rapid turnaround


💥 This Isn't Just Automation — It's Detection Engineering at Its Finest.
Let your GitHub commits trigger real‑time rule deployment — with validation, restart, and SOC alerts built‑in.

Commit. Deploy. Detect.


Created by Mariskarthick M
Senior Security Analyst | Detection Engineer | Threat Hunter | Open-Source Enthusiast
