Wazuh Decoders and Rules

Although the decoders and rules that ship with Wazuh out of the box are quite good, there will always be a need to build custom decoders for logs from a specific source or of a new type.

The power of the decoders lies mainly in the regex library, which can match just about anything and so makes it possible to ingest any type of log into Wazuh.

Once you have implemented Wazuh, you will need to build the skill of modifying and writing new decoders and rules, which takes a lot of learning and practice. K-Secure’s course “Wazuh Decoders and Rules” is meant for exactly that: it teaches the required skills and, as an added service, offers assistance in keeping up regular practice.
