[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-36143":3,"doc-seo-36143":28},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":4,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":11,"language":21,"language_code":22,"site_id":23,"html_lang":22,"table_of_contents":24,"faqs":25,"seo_title":13,"seo_description":14,"update_tm":26,"read_time":27},36143,549758146520,"Patrick","https://ap-avatar.wpscdn.com/avatar/80002397d8c0411e94?_k=1775819394049821470",6,"Technology","Automating Malware Detection and Response via Real-Time Threat Feed Integration with Wazuh SIEM","The paper introduces an open-source modular framework that strengthens the Wazuh Security Information and Event Management (SIEM) system by integrating real-time threat intelligence feeds to improve malware detection and automate incident response. It dynamically queries live Indicators of Compromise (IOCs) from VirusTotal and AbuseIPDB to enrich incoming log events. A threshold-based correlation engine generates precise alerts, while active response scripts mitigate threats through IP blocking and file quarantine. \nEvaluation in a controlled enterprise-like environment shows a 95.0% detection rate, 94.2% alert precision, and 2.8 s average mitigation delay.","","cbCaimIkgb20luLu","https://ap.wps.com/l/cbCaimIkgb20luLu","pdf",2885056,1,"English","en",105,"# Introduction\n## Problem with Traditional SIEM Rules\n## Role of Threat Intelligence in Detection\n## Proposed Framework and Contributions\n# Related Work\n## Threat Intelligence in SIEM","[{\"question\":\"How does the proposed system improve malware detection in Wazuh SIEM?\",\"answer\":\"It enriches SIEM log events in real time by dynamically querying live Indicators of Compromise (IOCs) from VirusTotal and AbuseIPDB.\"},{\"question\":\"What is the purpose of the correlation engine in the framework?\",\"answer\":\"A custom correlation engine evaluates enriched logs using threshold-based rules to produce accurate alerts for known threats.\"},{\"question\":\"What active response actions does the system perform after detecting threats?\",\"answer\":\"Active response scripts mitigate incidents by blocking malicious IPs and quarantining suspicious files to reduce exposure time.\"}]",1782854004,15,null]