# Resources

High-trust sources that ground the lessons. Prefer these over memory.
Tiers: **★★★** primary/canonical · **★★** reputable · **★** supplementary.

---

## Cybersecurity fundamentals (the "why")

- ★★★ **NIST — CIA triad definition** — the canonical definition of
  Confidentiality, Integrity, Availability.
  https://csrc.nist.gov/glossary/term/confidentiality_integrity_availability
- ★★★ **NIST SP 800-92 — Guide to Computer Security Log Management** — the
  conceptual backbone of every SIEM (logs → collect → parse → correlate →
  analyze). https://csrc.nist.gov/pubs/sp/800/92/final
- ★★★ **MITRE ATT&CK — Get Started** — how to read tactics/techniques.
  https://attack.mitre.org/resources/
- ★★★ **MITRE ATT&CK — Enterprise Matrix** — the matrix Wazuh rules map to.
  https://attack.mitre.org/matrices/enterprise/
- ★★ **SANS — SOC / Blue Team hub** — SOC operations & analyst workflow
  (free posters/webcasts; courses paid). https://www.sans.org/soc
- ★★★ **Verizon DBIR** — empirical breach data, incl. Accommodation & Food
  Services. https://www.verizon.com/business/resources/reports/dbir/
- ★★ **SANS Internet Storm Center** — daily threat diaries.
  https://isc.sans.edu/

## Wazuh — official documentation

- ★★★ **Getting Started** — https://documentation.wazuh.com/current/getting-started/index.html
- ★★★ **Components / architecture** (indexer · server · dashboard · agents) —
  https://documentation.wazuh.com/current/getting-started/components/index.html
- ★★★ **Quickstart** (all-in-one install, sizing) —
  https://documentation.wazuh.com/current/quickstart.html
- ★★★ **User Manual hub** — https://documentation.wazuh.com/current/user-manual/index.html
- ★★★ **Ruleset / data analysis** (decoders → rules → alerts) —
  https://documentation.wazuh.com/current/user-manual/ruleset/index.html
- ★★★ **Decoders** — https://documentation.wazuh.com/current/user-manual/ruleset/decoders/index.html
- ★★★ **Custom rules & decoders** (`local_rules.xml`) —
  https://documentation.wazuh.com/current/user-manual/ruleset/custom.html
- ★★★ **Testing rules** (`wazuh-logtest`) —
  https://documentation.wazuh.com/current/user-manual/ruleset/testing.html
- ★★★ **MITRE ATT&CK module** — https://documentation.wazuh.com/current/user-manual/ruleset/mitre.html
- ★★★ **Threat hunting use case** —
  https://documentation.wazuh.com/current/getting-started/use-cases/threat-hunting.html

## Wazuh — multi-tenancy / MSSP (one deployment, many hotels)

- ★★★ **Grouping agents** (one group per client) —
  https://documentation.wazuh.com/current/user-manual/agent/agent-management/grouping-agents.html
- ★★★ **Centralized configuration** (`agent.conf` per group) —
  https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html
- ★★★ **Dashboard multi-tenancy** (per-client tenants) —
  https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/multi-tenancy.html
- ★★★ **RBAC — API roles/policies** —
  https://documentation.wazuh.com/current/user-manual/api/rbac/index.html
- ★★★ **RBAC — how it works** —
  https://documentation.wazuh.com/current/user-manual/api/rbac/how-it-works.html
- ★★★ **RBAC — users scoped to an agent group** —
  https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html
- ★★ **Blog: agent groups & centralized config** —
  https://wazuh.com/blog/agent-groups-and-centralized-configuration/

> MSSP pattern from the docs: **agent group per client** + **RBAC roles scoped
> to those groups** + **dashboard tenants per client**. At larger scale,
> per-client managers feed a shared indexer cluster.

## Hotel / hospitality security

- ★★★ **PCI Security Standards Council** — the card-data authority.
  https://www.pcisecuritystandards.org/
- ★★★ **PCI SSC Document Library** (PCI DSS v4.0.1, SAQs) —
  https://www.pcisecuritystandards.org/document_library/
- ★★★ **Oracle OPERA PMS — Security Guide** (the dominant hotel PMS) —
  https://docs.oracle.com/cd/E98457_01/docs/F18432.pdf
- ★★ **Dark Reading — CVE-2023-21932 OPERA flaw** (case study) —
  https://www.darkreading.com/application-security/hotels-at-risk-from-bug-in-oracle-property-management-software
- ★★ **Help Net Security — CVE-2023-21932** —
  https://www.helpnetsecurity.com/2023/05/02/cve-2023-21932/

## Communities (wisdom — ask real practitioners)

- ★★★ **Wazuh Community hub** — https://wazuh.com/community/
- ★★★ **Wazuh Slack** (best for MSSP/architecture Qs; invite via hub if expired)
  — https://wazuh.com/community/
- ★★ **Wazuh Google Group** — https://groups.google.com/g/wazuh/
- ★★ **Wazuh GitHub** (issues/discussions) — https://github.com/wazuh
- ★★ **r/Wazuh** — https://www.reddit.com/r/Wazuh/
- ★ **Wazuh Discord** — https://discord.gg/rg9eZTtC7W
- ★★ **r/blueteamsec**, **r/cybersecurity** — broader blue-team discussion

_Last updated: 2026-06-24_
