Ta-SIEMPlus
Operational documentation for standardised Wazuh SIEM maintenance workflows. Developed and maintained by T-Alpha GmbH.
- Web Tools: Browser-based tools for upgrades, checklists, agent management and maintenance logs. No server, no installation required.
- Operations: Upgrade guides, runbooks and checklists for daily Wazuh AIO operations – from planning through to completion.
- Configuration: Ready-made configuration templates for Manager, Agent, Indexer and Filebeat with a complete variable reference.
- Quick Reference: Copy-paste commands for health checks, upgrades and diagnostics – for daily use in the terminal.
Workflow at a glance
| Step | Task | Tool |
|---|---|---|
| 1 · Preparation | Look up customer data | Catalog |
| 2 · Planning | Fill out the upgrade form | Web Tools |
| 3 · Execution | Run the runbook | Runbook AIO Ubuntu |
| 4 · Documentation | Capture health snapshot | Quick Reference |
| 5 · Completion | Close the change note | Change Note Template |
Core principles
| Principle | Description |
|---|---|
| No-Go Gates | Hard stop points: Disk > 90%, services not active, missing backup → no upgrade |
| Health Snapshots | System state fully documented before and after every change |
| Workflow Sync | Checklist and runbook must always be kept in sync |
| Secrets | Never plaintext – always reference vault://path/to/secret in the catalog |