Automation of Malware Analysis Integration Based on Wazuh SIEM and Ghidra in Isolated Virtual Environments
Rekayasa Keamanan Siber
Keywords: Malware Analysis, Ghidra, Threat Intelligence, Automation, Reverse Engineering, SIEM, Wazuh

Abstract
As cyber threats grow more complex, automated solutions for malware detection are no longer optional but essential. Integrating a Security Information and Event Management (SIEM) platform such as Wazuh with the reverse-engineering platform Ghidra offers great potential for enhancing cyber defense capabilities. Wazuh provides real-time, log-based threat monitoring, while Ghidra enables in-depth analysis of binary code and malware. This research aims to develop an Automated Threat Intelligence system by integrating Wazuh and Ghidra to perform automated and continuous malware analysis. The methods used include configuring Wazuh to collect security logs from various endpoints, and using Ghidra's APIs and scripts to automate the disassembly and analysis of malicious code. The results show that the system is able to proactively detect threats, accurately analyze malware, and generate comprehensive cyber intelligence. The implication is that this solution can increase the speed of response to cyberattacks, reduce reliance on manual intervention, and strengthen automation-based mitigation strategies. As such, this research makes a significant contribution to the development of adaptive, data-driven cybersecurity systems.
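As an added illustration of the pipeline the abstract describes, and not code from the paper itself: a Wazuh custom integration script that reacts to a file integrity (syscheck) alert and hands the dropped file to Ghidra's headless analyzer. The alert JSON is constructed, and the install path, project directory and post-script name are assumptions.

```python
import json
import subprocess
import sys
from pathlib import Path
from typing import List, Optional

# Constructed sample Wazuh FIM (syscheck) alert; field names follow Wazuh's alert JSON, values are made up.
SAMPLE_ALERT = {
    "rule": {"id": "554", "level": 5, "groups": ["ossec", "syscheck"]},
    "agent": {"id": "001", "name": "endpoint-01"},
    "syscheck": {"path": "/tmp/dropped/sample.bin", "event": "added",
                 "sha256_after": "0" * 64},
}

GHIDRA_HOME = Path("/opt/ghidra")           # assumed Ghidra install path
PROJECT_DIR = Path("/var/lib/ghidra-auto")  # assumed headless project dir
POST_SCRIPT = "ExportFunctions.py"          # hypothetical Ghidra post-script


def should_analyze(alert: dict) -> bool:
    """Trigger only on FIM alerts for files that were added or modified."""
    groups = alert.get("rule", {}).get("groups", [])
    sc = alert.get("syscheck", {})
    return ("syscheck" in groups and sc.get("event") in ("added", "modified")
            and bool(sc.get("path")))


def build_headless_cmd(alert: dict) -> List[str]:
    """Build the analyzeHeadless argv for the file named in the alert."""
    sc = alert["syscheck"]
    project = f"wazuh-{alert['agent']['id']}-{sc.get('sha256_after', 'nohash')[:12]}"
    return [str(GHIDRA_HOME / "support" / "analyzeHeadless"),
            str(PROJECT_DIR), project,
            "-import", sc["path"],
            "-postScript", POST_SCRIPT,
            "-deleteProject"]


def handle_alert(alert: dict, run: bool = False) -> Optional[List[str]]:
    """Per-alert decision: return the command, and execute it when run=True."""
    if not should_analyze(alert):
        return None
    cmd = build_headless_cmd(alert)
    if run:  # requires Ghidra installed at GHIDRA_HOME on the integration host
        subprocess.run(cmd, check=True, timeout=900)
    return cmd


if __name__ == "__main__":
    # Wazuh passes the alert file path as argv[1] to custom integration scripts.
    alert = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_ALERT
    cmd = handle_alert(alert)
    print(" ".join(cmd) if cmd else "alert ignored")
```

Deployed as /var/ossec/integrations/custom-ghidra with a matching <integration> block in ossec.conf, it runs once per matching alert; the project name keyed on agent id and hash keeps concurrent analyses from colliding.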