👋 Hey there! Let me share something exciting with you.
In April 2025, I achieved my Splunk Core Certified User certification after practicing with Search Processing Language (SPL) queries on test datasets. While this was valuable learning experience, I wanted to go beyond simulated environments. During my regular browsing of LinkedIn and cybersecurity news, I came across Wazuh—a powerful open-source security monitoring platform. After researching its capabilities, I realized this could be my bridge from practice to real-world security operations. This inspired me to create a home lab where I could work with actual security scenarios and gain hands-on experience.
Following a careful review of the Wazuh documentation, I discovered that my ARM-based MacBook wouldn't support a direct Wazuh installation. No problem though—I designed a practical solution: hosting the Wazuh server on AWS, while using two virtual machines on VMware Fusion as monitoring endpoints. This setup offers the perfect balance between cloud capabilities and local testing.
Let me explain the architecture of our home lab. At its center is a Wazuh server running on an Amazon EC2 instance, which I found as a pre-built solution in the Amazon Marketplace. This server acts as our central security monitoring hub, collecting and analyzing data from connected systems.
The server performs essential security monitoring functions while remaining efficient with cloud resources. For our test environment, I'm using two virtual machines in VMware Fusion:
Each endpoint has a Wazuh agent installed that reports back to our central server. This setup gives us a practical balance between functionality and complexity—perfect for a home lab environment.