Automated Wazuh rule deployment pipeline with GitHub, XML validation & Telegram alerts
158 views · SecOps & Security Automation
Description
Say Goodbye to Manual Rule Deployments in Wazuh!
Just Commit - Let Your Pipeline Auto-Deploy via GitHub + n8n
Tired of This Endless Cycle?
Create rule → Validate → Copy to server → Restart Wazuh → Notify team
Repeat that every week - you're spending more time deploying than detecting.
What if one GitHub commit could do it all automatically? Validate → Deploy → Restart → Notify, without touching the server.
Well, this workflow does just that.
Presenting: Git-Powered Wazuh Rule Deployment Using n8n
What This Workflow Does in 10 Seconds - Automatically:
Watches GitHub commits - triggers only if the message contains #deploy-wazuh
Checks if commit author is allowed
Sends contextual SOC notifications about deployment attempt
Downloads & validates rule XML using xmllint
Uploads to Wazuh Manager node only if validation succeeds
Restarts Wazuh Manager and verifies loading
Sends alert to your team on Telegram (or other medium) with result: success/failure & reasons
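The gate these steps apply before upload (deploy tag, author allowlist, XML validation), sketched in Python as an added example that is not part of the original workflow. Python's expat parser stands in for xmllint so the block is self-contained; the allowlist, file-name pattern, ID-range policy and sample rule are constructed assumptions.

```python
import re
import xml.parsers.expat

DEPLOY_TAG = "#deploy-wazuh"                      # tag named in the workflow description
ALLOWED_AUTHORS = {"mariskarthick"}               # constructed allowlist (assumption)
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.xml")    # assumption: flat file names only
CUSTOM_IDS = range(100000, 120001)                # Wazuh's custom-rule ID range; assumes no overwrite rules
# Constructed sample rule file, not taken from the workflow's repository.
SAMPLE = '<group name="custom,"><rule id="100001" level="10"><description>constructed sample</description></rule></group>'

def validate_rule_xml(text):
    """Return a list of problems; an empty list means the file may be deployed."""
    problems, seen = [], set()
    def on_start(name, attrs):
        if name != "rule":
            return
        rid = attrs.get("id", "")
        if not re.fullmatch(r"[0-9]+", rid) or int(rid) not in CUSTOM_IDS:
            problems.append(f"rule id {rid!r} outside custom range")
        elif rid in seen:
            problems.append(f"duplicate rule id {rid}")
        seen.add(rid)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = on_start
    try:
        # Rule files may hold several top-level <group> elements, so parse them
        # under a synthetic root. A DOCTYPE there is a syntax error, which also
        # rejects entity-expansion payloads.
        parser.Parse("<ruleset>" + text + "</ruleset>", True)
    except xml.parsers.expat.ExpatError as exc:
        problems.append(f"not well-formed: {exc}")
    if not seen and not problems:
        problems.append("no <rule> elements found")
    return problems

def gate(commit_message, author, filename, xml_text):
    """Decide whether a commit may deploy. Returns (deploy, reasons)."""
    if DEPLOY_TAG not in commit_message:
        return False, ["commit message has no deploy tag"]
    reasons = []
    # Assumption: `author` is the authenticated pusher reported by the webhook,
    # not the free-form git author field, which any committer can set.
    if author.lower() not in ALLOWED_AUTHORS:
        reasons.append(f"author {author!r} not allowed")
    if not SAFE_NAME.fullmatch(filename):
        reasons.append("unsafe file name")
    reasons += validate_rule_xml(xml_text)
    return not reasons, reasons
```

The returned reasons list is what a notification step would forward to the SOC channel when a deployment is refused.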
Why Detection Engineers Will Love This:
Saves hours weekly - Just commit & chill
Zero-delay deployments - Go live instantly
Stops bad rules before they crash your SIEM
Rapid iteration - build, commit, done
No babysitting - Pipeline handles everything
Informative alerts like: "Rule custom_malware_alert.xml deployed by Mariskarthick - Validation ✅ - Restart Completed"
Perfect For:
Detection Engineers deploying rules weekly
MSSPs with multiple Wazuh environments
Threat Intel teams needing rapid turnaround
This Isn't Just Automation - It's Detection Engineering at Its Finest. Let your GitHub commits trigger real-time rule deployment, with validation, restart, and SOC alerts built-in.
Commit. Deploy. Detect.
Created by Mariskarthick M, Senior Security Analyst | Detection Engineer | Threat Hunter | Open-Source Enthusiast
Nodes Used
Github Trigger, HTTP Request, Telegram, SSH
Import
Download workflow.json and import into n8n:
Workflow menu → Import from File