Teaching Endpoint Protection through Wazuh: A Project-Based Approach to Cybersecurity Education

Abstract

In recent years, the demand for practical, real-world cybersecurity education has grown dramatically. Traditional lecture-based methods often fall short in equipping students with the applied skills needed to detect, analyze, and respond to current cyber threats. This paper presents a project-based educational framework focused on the deployment, configuration, and use of real-world software such as Wazuh. Rather than following predetermined steps, students engage with realistic endpoint and network security scenarios, such as installing and configuring Wazuh agents, monitoring and interpreting live system and application logs, detecting simulated security incidents such as brute-force attacks and malware execution, and applying industry-aligned procedures. Evaluation of student performance demonstrates substantial improvements in alert interpretation, rule configuration, and application of cybersecurity knowledge. Our findings indicate that integrating Wazuh into coursework effectively develops both practical technical skills and analytical thinking, aligns with national workforce competency standards, and provides a model that other courses can adopt to integrate enterprise security tools into the classroom.