From 4ff09f9456fc1b93904190bdb974f26695a443b1 Mon Sep 17 00:00:00 2001 
From: Jamie Antoinette Date: Sat, 24 Jan 2026 22:19:54 +1100 Subject: [PATCH] Blue teams documentation with updated structure and categories for cleaner navigation --- .../Blue Team/Introduction to Blue Team.md | 6 ++++-- .../{wazuh-background.md => Wazuh Overview.md} | 13 ++++++++++--- .../{Wazuh Background => }/wazuh-powerpoint.mdx | 0 .../Email Infrastructure/_category_.json | 2 +- .../Production/Wazuh/Enhancements/_category_.json | 2 +- .../Research/CVE Threat Automation/_category_.json | 2 +- .../Blue Team/Research/Cowrie/_category_.json | 8 ++++++++ .../Blue Team/Research/ELF Stack/_category_.json | 8 ++++++++ .../Research/Graylog Setup/_category_.json | 2 +- .../Blue Team/Research/MISP/_category_.json | 2 +- .../Blue Team/Research/Pi-Hole/_category_.json | 8 ++++++++ .../Wazuh - MISP Integration/_category_.json | 2 +- .../Choosing-Both-Suricata-and-Wazuh.md | 0 .../Wazuh Agent Integration.pdf | Bin .../Wazuh Installation/_category_.json | 8 ++++++++ .../Wazuh Installation}/deploying-wazuh.mdx | 0 .../Wazuh Installation}/installing wazuh.md | 0 .../wazuh-implementation-guide.mdx | 0 .../Blue Team/Wazuh Background/_category_.json | 8 ++++++++ .../intrusion-detection-system.mdx | 0 .../Wazuh Background/wazuh-documentation.md | 0 21 files changed, 60 insertions(+), 11 deletions(-) rename docs/cybersecurity/Blue Team/Onboarding/{wazuh-background.md => Wazuh Overview.md} (92%) rename docs/cybersecurity/Blue Team/Onboarding/{Wazuh Background => }/wazuh-powerpoint.mdx (100%) create mode 100644 docs/cybersecurity/Blue Team/Research/Cowrie/_category_.json create mode 100644 docs/cybersecurity/Blue Team/Research/ELF Stack/_category_.json create mode 100644 docs/cybersecurity/Blue Team/Research/Pi-Hole/_category_.json rename docs/cybersecurity/Blue Team/{Onboarding => }/Wazuh Background/Choosing-Both-Suricata-and-Wazuh.md (100%) rename docs/cybersecurity/Blue Team/{Onboarding/Wazuh Background/Installing Wazuh => Wazuh Background/Wazuh Installation}/Wazuh Agent 
Integration.pdf (100%) create mode 100644 docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/_category_.json rename docs/cybersecurity/Blue Team/{Onboarding/Wazuh Background/Installing Wazuh => Wazuh Background/Wazuh Installation}/deploying-wazuh.mdx (100%) rename docs/cybersecurity/Blue Team/{Onboarding => Wazuh Background/Wazuh Installation}/installing wazuh.md (100%) rename docs/cybersecurity/Blue Team/{Onboarding/Wazuh Background/Installing Wazuh => Wazuh Background/Wazuh Installation}/wazuh-implementation-guide.mdx (100%) create mode 100644 docs/cybersecurity/Blue Team/Wazuh Background/_category_.json rename docs/cybersecurity/Blue Team/{Onboarding => }/Wazuh Background/intrusion-detection-system.mdx (100%) rename docs/cybersecurity/Blue Team/{Onboarding => }/Wazuh Background/wazuh-documentation.md (100%) diff --git a/docs/cybersecurity/Blue Team/Introduction to Blue Team.md b/docs/cybersecurity/Blue Team/Introduction to Blue Team.md index 16b2ed9b6..0e944ea0b 100644 --- a/docs/cybersecurity/Blue Team/Introduction to Blue Team.md +++ b/docs/cybersecurity/Blue Team/Introduction to Blue Team.md 
@@ -40,11 +40,13 @@ The Blue Team also manages an email infrastructure based on Microsoft 365 Exchan Before you start working on anything, read through the Onboarding section. This explains some more concepts about Wazuh and how you can access it, along with Docker fundamentals. Understanding Docker is particularly important, as most services are setup in Docker containers. -Afterwards, have a look at the Production section. This includes guides for all the services mentioned above and how you can maintain them. +Afterwards, have a look at the Production and Wazuh background section. They include guides, maintanance and information for all the services mentioned above. Finally, the Research section includes things that some team members have worked on in the past. This includes pure research and how-to installation guides for things tested on local VMs (not implemented). -After you've read through these sections, have a think about what you'd like to work on, and discuss this with the team. +After you've read through these sections, have a think about what you'd like to work on, and discuss this with the team. + +Additionally, please review the Cyber Training module. The training will provide you with the knowledge and skills necessary to keep yourself safe in the Redback Operations environment. Navigate to https://d2l.deakin.edu.au/d2l/home and search for Redback to find the Cloud Deakin Redback page. If you don't have permission, contact one of your leaders. The module consists of information on cyber security practices paired with a quiz at the end of each module. You will need to go through them all and complete the final quiz at the end. diff --git a/docs/cybersecurity/Blue Team/Onboarding/wazuh-background.md b/docs/cybersecurity/Blue Team/Onboarding/Wazuh Overview.md similarity index 92% rename from docs/cybersecurity/Blue Team/Onboarding/wazuh-background.md rename to docs/cybersecurity/Blue Team/Onboarding/Wazuh Overview.md index 1f65758f2..5337ce478 100644 
--- a/docs/cybersecurity/Blue Team/Onboarding/wazuh-background.md +++ b/docs/cybersecurity/Blue Team/Onboarding/Wazuh Overview.md @@ -1,11 +1,11 @@ --- -id: wazuh-background -title: Wazuh Background +id: wazuh-overview +title: Wazuh Overview sidebar_position: 1 tags: [blue team, wazuh, onboarding] --- -# Wazuh Background +# Wazuh Overview ## What is Wazuh? Wazuh is an open-source SIEM tool (Security Information and Event Management). @@ -84,3 +84,10 @@ For example: This is not required for Wazuh access but may be needed for backend tasks. + +## Understanding Wazuh +If you are interested in learning more about Wazuh, please head over to the Wazuh background section, where we cover more on why we chose Wazuh, how to install Wazuh, and guides on how to use Wazuh. + + + + diff --git a/docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/wazuh-powerpoint.mdx b/docs/cybersecurity/Blue Team/Onboarding/wazuh-powerpoint.mdx similarity index 100% rename from docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/wazuh-powerpoint.mdx rename to docs/cybersecurity/Blue Team/Onboarding/wazuh-powerpoint.mdx diff --git a/docs/cybersecurity/Blue Team/Production/Email Infrastructure/_category_.json b/docs/cybersecurity/Blue Team/Production/Email Infrastructure/_category_.json index dea4d0e88..f3bcfa50a 100644 --- a/docs/cybersecurity/Blue Team/Production/Email Infrastructure/_category_.json +++ b/docs/cybersecurity/Blue Team/Production/Email Infrastructure/_category_.json @@ -3,6 +3,6 @@ "position": 3, "link": { "type": "generated-index", - "description": "Email Infrastructure & Security Documentation" + "description": "Email Infrastructure & Security documentation" } } diff --git a/docs/cybersecurity/Blue Team/Production/Wazuh/Enhancements/_category_.json b/docs/cybersecurity/Blue Team/Production/Wazuh/Enhancements/_category_.json index b3032e697..62d05d829 100644 --- a/docs/cybersecurity/Blue Team/Production/Wazuh/Enhancements/_category_.json 
+++ b/docs/cybersecurity/Blue Team/Production/Wazuh/Enhancements/_category_.json
@@ -3,6 +3,6 @@
 "position": 110,
 "link": {
 "type": "generated-index",
- "description": "Wazuh Enhancements Documentation"
+ "description": "Wazuh Enhancements documentation"
 }
 }
diff --git a/docs/cybersecurity/Blue Team/Research/CVE Threat Automation/_category_.json b/docs/cybersecurity/Blue Team/Research/CVE Threat Automation/_category_.json
index ae58dfa4a..c7bc89d91 100644
--- a/docs/cybersecurity/Blue Team/Research/CVE Threat Automation/_category_.json
+++ b/docs/cybersecurity/Blue Team/Research/CVE Threat Automation/_category_.json
@@ -3,6 +3,6 @@
 "position": 80,
 "link": {
 "type": "generated-index",
- "description": "CVE Threat Automation"
+ "description": "CVE Threat Automation documentation"
 }
 }
\ No newline at end of file
diff --git a/docs/cybersecurity/Blue Team/Research/Cowrie/_category_.json b/docs/cybersecurity/Blue Team/Research/Cowrie/_category_.json
new file mode 100644
index 000000000..02ea1b2a9
--- /dev/null
+++ b/docs/cybersecurity/Blue Team/Research/Cowrie/_category_.json
@@ -0,0 +1,8 @@
+{
+ "label": "Cowrie",
+ "position": 102,
+ "link": {
+ "type": "generated-index",
+ "description": "Cowrie implementation"
+ }
+}
diff --git a/docs/cybersecurity/Blue Team/Research/ELF Stack/_category_.json b/docs/cybersecurity/Blue Team/Research/ELF Stack/_category_.json
new file mode 100644
index 000000000..e6e4542ea
--- /dev/null
+++ b/docs/cybersecurity/Blue Team/Research/ELF Stack/_category_.json
@@ -0,0 +1,8 @@
+{
+ "label": "ELF Stack",
+ "position": 105,
+ "link": {
+ "type": "generated-index",
+ "description": "ELF Stack setup documentation"
+ }
+}
diff --git a/docs/cybersecurity/Blue Team/Research/Graylog Setup/_category_.json b/docs/cybersecurity/Blue Team/Research/Graylog Setup/_category_.json
index 752e46a97..0be6aaa95 100644
--- a/docs/cybersecurity/Blue Team/Research/Graylog Setup/_category_.json
+++ b/docs/cybersecurity/Blue Team/Research/Graylog Setup/_category_.json
@@ -3,6 +3,6 @@
 "position": 11,
 "link": {
 "type": "generated-index",
- "description": "Graylog documentations"
+ "description": "Graylog documentation"
 }
 }
diff --git a/docs/cybersecurity/Blue Team/Research/MISP/_category_.json b/docs/cybersecurity/Blue Team/Research/MISP/_category_.json
index 14155a9e9..cf798fe38 100644
--- a/docs/cybersecurity/Blue Team/Research/MISP/_category_.json
+++ b/docs/cybersecurity/Blue Team/Research/MISP/_category_.json
@@ -3,6 +3,6 @@
 "position": 104,
 "link": {
 "type": "generated-index",
- "description": "MISP deployment documentations"
+ "description": "MISP deployment documentation"
 }
 }
diff --git a/docs/cybersecurity/Blue Team/Research/Pi-Hole/_category_.json b/docs/cybersecurity/Blue Team/Research/Pi-Hole/_category_.json
new file mode 100644
index 000000000..ccfbe6d99
--- /dev/null
+++ b/docs/cybersecurity/Blue Team/Research/Pi-Hole/_category_.json
@@ -0,0 +1,8 @@
+{
+ "label": "Pi-Hole",
+ "position": 13,
+ "link": {
+ "type": "generated-index",
+ "description": "Pi-Hole documentation"
+ }
+}
diff --git a/docs/cybersecurity/Blue Team/Research/Wazuh - MISP Integration/_category_.json b/docs/cybersecurity/Blue Team/Research/Wazuh - MISP Integration/_category_.json
index 5120e4006..6c6f59990 100644
--- a/docs/cybersecurity/Blue Team/Research/Wazuh - MISP Integration/_category_.json
+++ b/docs/cybersecurity/Blue Team/Research/Wazuh - MISP Integration/_category_.json
@@ -3,6 +3,6 @@
 "position": 12,
 "link": {
 "type": "generated-index",
- "description": "Wazuh MISP Integration documentation"
+ "description": "Wazuh MISP integration documentation"
 }
 }
diff --git a/docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Choosing-Both-Suricata-and-Wazuh.md b/docs/cybersecurity/Blue Team/Wazuh Background/Choosing-Both-Suricata-and-Wazuh.md
similarity index 100%
rename from docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Choosing-Both-Suricata-and-Wazuh.md
rename to docs/cybersecurity/Blue Team/Wazuh Background/Choosing-Both-Suricata-and-Wazuh.md
diff --git a/docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Installing Wazuh/Wazuh Agent Integration.pdf b/docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/Wazuh Agent Integration.pdf
similarity index 100%
rename from docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Installing Wazuh/Wazuh Agent Integration.pdf
rename to docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/Wazuh Agent Integration.pdf
diff --git a/docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/_category_.json b/docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/_category_.json
new file mode 100644
index 000000000..95d35e0c6
--- /dev/null
+++ b/docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/_category_.json
@@ -0,0 +1,8 @@
+{
+ "label": "Wazuh Installation",
+ "position": 6,
+ "link": {
+ "type": "generated-index",
+ "description": " Documentation on Wazuh installation "
+ }
+}
diff --git a/docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Installing Wazuh/deploying-wazuh.mdx b/docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/deploying-wazuh.mdx
similarity index 100%
rename from docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Installing Wazuh/deploying-wazuh.mdx
rename to docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/deploying-wazuh.mdx
diff --git a/docs/cybersecurity/Blue Team/Onboarding/installing wazuh.md b/docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/installing wazuh.md
similarity index 100%
rename from docs/cybersecurity/Blue Team/Onboarding/installing wazuh.md
rename to docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/installing wazuh.md
diff --git a/docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Installing Wazuh/wazuh-implementation-guide.mdx b/docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/wazuh-implementation-guide.mdx
similarity index 100%
rename from docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/Installing Wazuh/wazuh-implementation-guide.mdx
rename to docs/cybersecurity/Blue Team/Wazuh Background/Wazuh Installation/wazuh-implementation-guide.mdx
diff --git a/docs/cybersecurity/Blue Team/Wazuh Background/_category_.json b/docs/cybersecurity/Blue Team/Wazuh Background/_category_.json
new file mode 100644
index 000000000..cf1a439e0
--- /dev/null
+++ b/docs/cybersecurity/Blue Team/Wazuh Background/_category_.json
@@ -0,0 +1,8 @@
+{
+ "label": "Wazuh background",
+ "position": 5,
+ "link": {
+ "type": "generated-index",
+ "description": " Background information on Wazuh "
+ }
+}
diff --git a/docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/intrusion-detection-system.mdx b/docs/cybersecurity/Blue Team/Wazuh Background/intrusion-detection-system.mdx
similarity index 100%
rename from docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/intrusion-detection-system.mdx
rename to docs/cybersecurity/Blue Team/Wazuh Background/intrusion-detection-system.mdx
diff --git a/docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/wazuh-documentation.md b/docs/cybersecurity/Blue Team/Wazuh Background/wazuh-documentation.md
similarity index 100%
rename from docs/cybersecurity/Blue Team/Onboarding/Wazuh Background/wazuh-documentation.md
rename to docs/cybersecurity/Blue Team/Wazuh Background/wazuh-documentation.md