> ## Documentation Index
> Fetch the complete documentation index at: https://docs.socfortress.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Videos

# CoPilot Video Guide

This page is generated from the CoPilot YouTube playlist transcripts and is meant to be used like documentation.

## Jump to your role

[I'm a SOC Operator](#operator-track)
[I'm an Admin/Engineer](#adminengineer-track)

***

## Browse by thumbnail

Use these thumbnail grids to jump straight to a video. Click the **thumbnail** to open YouTube in a new tab; click the **title** to jump to the summary on this page.

### Operator thumbnails (SOC operators / analysts)

<div class="sf-thumb-grid" markdown>
  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=euFrHP0VkD8" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/euFrHP0VkD8/hqdefault.jpg" alt="Wazuh Content Pack For Graylog - Easily Configure Your SOCFortress SIEM Stack" />
    </a>

    [Wazuh Content Pack For Graylog - Easily Configure Your SOCFortress SIEM Stack](#vid-euFrHP0VkD8)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=ffAnV31Ne54" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/ffAnV31Ne54/hqdefault.jpg" alt="Wazuh Security Configuration Assessment and CoPilot - Are Your Endpoints Compliant?" />
    </a>

    [Wazuh Security Configuration Assessment and CoPilot - Are Your Endpoints Compliant?](#vid-ffAnV31Ne54)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=3p6qiH9UF8U" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/3p6qiH9UF8U/hqdefault.jpg" alt="Powerful Wazuh Alert Management With CoPilot!" />
    </a>

    [Powerful Wazuh Alert Management With CoPilot!](#vid-3p6qiH9UF8U)
    <div class="sf-thumb-meta">Best for: Operator</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=GwPyKM2X1EM" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/GwPyKM2X1EM/hqdefault.jpg" alt="Introducing the Datastore in CoPilot: Upload Artifacts into Cases with Ease" />
    </a>

    [Introducing the Datastore in CoPilot: Upload Artifacts into Cases with Ease](#vid-GwPyKM2X1EM)
    <div class="sf-thumb-meta">Best for: Operator</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=S2ELWusHcxA" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/S2ELWusHcxA/hqdefault.jpg" alt="Supercharge Open-Source Cybersecurity: Velociraptor + Sigma for Your SIEM" />
    </a>

    [Supercharge Open-Source Cybersecurity: Velociraptor + Sigma for Your SIEM](#vid-S2ELWusHcxA)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=l9OLtgemYOQ" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/l9OLtgemYOQ/hqdefault.jpg" alt="Open Source SIEM Response | Dynamic Endpoint Actions with SOCFortress CoPilot" />
    </a>

    [Open Source SIEM Response | Dynamic Endpoint Actions with SOCFortress CoPilot](#vid-l9OLtgemYOQ)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=R_pG1Gx_7O8" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/R_pG1Gx_7O8/hqdefault.jpg" alt="Endpoint Investigation Made Easier: New Velociraptor Features in SOCFORTRESS CoPilot" />
    </a>

    [Endpoint Investigation Made Easier: New Velociraptor Features in SOCFORTRESS CoPilot](#vid-R_pG1Gx_7O8)
    <div class="sf-thumb-meta">Best for: Operator</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=-2srPC-Dw-0" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/-2srPC-Dw-0/hqdefault.jpg" alt="AI Analyst for Wazuh Alerts: Revolutionize Your SOC with SOCFortress Copilot!" />
    </a>

    [AI Analyst for Wazuh Alerts: Revolutionize Your SOC with SOCFortress Copilot!](#vid--2srPC-Dw-0)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=FHjD9QBaLD4" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/FHjD9QBaLD4/hqdefault.jpg" alt="AI Agent for Open Source SIEM: Wazuh, Velociraptor + CoPilot!" />
    </a>

    [AI Agent for Open Source SIEM: Wazuh, Velociraptor + CoPilot!](#vid-FHjD9QBaLD4)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=QaLrmSgEcLI" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/QaLrmSgEcLI/hqdefault.jpg" alt="AI Chatbot Now With Threat Intel, Cyber News, Knowledge Base & Attack Surface!" />
    </a>

    [AI Chatbot Now With Threat Intel, Cyber News, Knowledge Base & Attack Surface!](#vid-QaLrmSgEcLI)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=tguRiVgytso" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/tguRiVgytso/hqdefault.jpg" alt="Automate Your SOC: Triggering Alerts with Wazuh Rules via Copilot" />
    </a>

    [Automate Your SOC: Triggering Alerts with Wazuh Rules via Copilot](#vid-tguRiVgytso)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=AH1g3p8s2_o" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/AH1g3p8s2_o/hqdefault.jpg" alt="Wazuh Rule Writing With CoPilot AI Module - Handle Your Alert Flooding" />
    </a>

    [Wazuh Rule Writing With CoPilot AI Module - Handle Your Alert Flooding](#vid-AH1g3p8s2_o)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=llm3uSSUhqs" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/llm3uSSUhqs/hqdefault.jpg" alt="Mastering Wazuh's Active Response: Block Malicious IPs with CoPilot & Wazuh!" />
    </a>

    [Mastering Wazuh's Active Response: Block Malicious IPs with CoPilot & Wazuh!](#vid-llm3uSSUhqs)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=Ko5jLfkSCrk" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/Ko5jLfkSCrk/hqdefault.jpg" alt="Revolutionize Your SIEM Alerts: Integrate CoPilot & Shuffle" />
    </a>

    [Revolutionize Your SIEM Alerts: Integrate CoPilot & Shuffle](#vid-Ko5jLfkSCrk)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=GWTNA-6Z_Tk" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/GWTNA-6Z_Tk/hqdefault.jpg" alt="Tame the Noise: Sigma Exclusions in CoPilot for Velociraptor Alerts" />
    </a>

    [Tame the Noise: Sigma Exclusions in CoPilot for Velociraptor Alerts](#vid-GWTNA-6Z_Tk)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=XT1d49HTqQw" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/XT1d49HTqQw/hqdefault.jpg" alt="🚀 Master Sysmon Config Management with CoPilot & Wazuh!" />
    </a>

    [🚀 Master Sysmon Config Management with CoPilot & Wazuh!](#vid-XT1d49HTqQw)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=Ogr70DWAeTc" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/Ogr70DWAeTc/hqdefault.jpg" alt="Supercharge Wazuh Active Response with CoPilot: No More Limits!" />
    </a>

    [Supercharge Wazuh Active Response with CoPilot: No More Limits!](#vid-Ogr70DWAeTc)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=TMJOBATTK9M" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/TMJOBATTK9M/hqdefault.jpg" alt="Test Your Wazuh Detection Rules: One-Click Atomic Red Team + Velociraptor + CoPilot" />
    </a>

    [Test Your Wazuh Detection Rules: One-Click Atomic Red Team + Velociraptor + CoPilot](#vid-TMJOBATTK9M)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=tL3oNEx_3M8" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/tL3oNEx_3M8/hqdefault.jpg" alt="Simulate Linux Attacks and Tune Detection Rules with Atomic Red Team" />
    </a>

    [Simulate Linux Attacks and Tune Detection Rules with Atomic Red Team](#vid-tL3oNEx_3M8)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=FJunzP2c_mQ" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/FJunzP2c_mQ/hqdefault.jpg" alt="Auto-Enrich Wazuh Events with Threat Intel Feeds!" />
    </a>

    [Auto-Enrich Wazuh Events with Threat Intel Feeds!](#vid-FJunzP2c_mQ)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=CVVj9HRtjOE" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/CVVj9HRtjOE/hqdefault.jpg" alt="Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data" />
    </a>

    [Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data](#vid-CVVj9HRtjOE)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=G3MDJSMvnRo" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/G3MDJSMvnRo/hqdefault.jpg" alt="Simplify Cloud Security: ScoutSuite and Copilot Tutorial" />
    </a>

    [Simplify Cloud Security: ScoutSuite and Copilot Tutorial](#vid-G3MDJSMvnRo)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=Qnm9SXVJGWw" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/Qnm9SXVJGWw/hqdefault.jpg" alt="Integrate EPSS with Wazuh for Top-Notch Vulnerability Management!" />
    </a>

    [Integrate EPSS with Wazuh for Top-Notch Vulnerability Management!](#vid-Qnm9SXVJGWw)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=-SVHKuQUxlI" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/-SVHKuQUxlI/hqdefault.jpg" alt="Enhancing Web App Security: Integrating Copilot with Nuclei for Vulnerability Scanning" />
    </a>

    [Enhancing Web App Security: Integrating Copilot with Nuclei for Vulnerability Scanning](#vid--SVHKuQUxlI)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=fNybop2FTRE" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/fNybop2FTRE/hqdefault.jpg" alt="Boost CoPilot: IoCs from Wazuh + VirusTotal Enrichment" />
    </a>

    [Boost CoPilot: IoCs from Wazuh + VirusTotal Enrichment](#vid-fNybop2FTRE)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=ixxVe_9LAfQ" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/ixxVe_9LAfQ/hqdefault.jpg" alt="CoPilot + VirusTotal: Instantly Scan Files for Malware!" />
    </a>

    [CoPilot + VirusTotal: Instantly Scan Files for Malware!](#vid-ixxVe_9LAfQ)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=NUrnlTvLzVk" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/NUrnlTvLzVk/hqdefault.jpg" alt="CoPilot Supercharges Wazuh with SCA & Vulnerability Overviews" />
    </a>

    [CoPilot Supercharges Wazuh with SCA & Vulnerability Overviews](#vid-NUrnlTvLzVk)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>
</div>

### Admin/Engineer thumbnails (admins / engineers)

<div class="sf-thumb-grid" markdown>
  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=qQbex2zAhWI" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/qQbex2zAhWI/hqdefault.jpg" alt="Copilot - Your Open Source Security Integrator" />
    </a>

    [Copilot - Your Open Source Security Integrator](#vid-qQbex2zAhWI)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=CQolYA30Gls" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/CQolYA30Gls/hqdefault.jpg" alt="Copilot - Your Next Open Source Security Tool" />
    </a>

    [Copilot - Your Next Open Source Security Tool](#vid-CQolYA30Gls)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=seITDGXAiJw" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/seITDGXAiJw/hqdefault.jpg" alt="CoPilot Install" />
    </a>

    [CoPilot Install](#vid-seITDGXAiJw)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=7dUHSMWWTuY" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/7dUHSMWWTuY/hqdefault.jpg" alt="CoPilot Install -- Final Update (I Hope)" />
    </a>

    [CoPilot Install -- Final Update (I Hope)](#vid-7dUHSMWWTuY)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=euFrHP0VkD8" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/euFrHP0VkD8/hqdefault.jpg" alt="Wazuh Content Pack For Graylog - Easily Configure Your SOCFortress SIEM Stack" />
    </a>

    [Wazuh Content Pack For Graylog - Easily Configure Your SOCFortress SIEM Stack](#vid-euFrHP0VkD8)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=ffAnV31Ne54" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/ffAnV31Ne54/hqdefault.jpg" alt="Wazuh Security Configuration Assessment and CoPilot - Are Your Endpoints Compliant?" />
    </a>

    [Wazuh Security Configuration Assessment and CoPilot - Are Your Endpoints Compliant?](#vid-ffAnV31Ne54)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=S2ELWusHcxA" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/S2ELWusHcxA/hqdefault.jpg" alt="Supercharge Open-Source Cybersecurity: Velociraptor + Sigma for Your SIEM" />
    </a>

    [Supercharge Open-Source Cybersecurity: Velociraptor + Sigma for Your SIEM](#vid-S2ELWusHcxA)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=31lCr80-NVM" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/31lCr80-NVM/hqdefault.jpg" alt="Manage Wazuh Detection Rules with CoPilot" />
    </a>

    [Manage Wazuh Detection Rules with CoPilot](#vid-31lCr80-NVM)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=l9OLtgemYOQ" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/l9OLtgemYOQ/hqdefault.jpg" alt="Open Source SIEM Response | Dynamic Endpoint Actions with SOCFortress CoPilot" />
    </a>

    [Open Source SIEM Response | Dynamic Endpoint Actions with SOCFortress CoPilot](#vid-l9OLtgemYOQ)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=-2srPC-Dw-0" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/-2srPC-Dw-0/hqdefault.jpg" alt="AI Analyst for Wazuh Alerts: Revolutionize Your SOC with SOCFortress Copilot!" />
    </a>

    [AI Analyst for Wazuh Alerts: Revolutionize Your SOC with SOCFortress Copilot!](#vid--2srPC-Dw-0)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=FHjD9QBaLD4" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/FHjD9QBaLD4/hqdefault.jpg" alt="AI Agent for Open Source SIEM: Wazuh, Velociraptor + CoPilot!" />
    </a>

    [AI Agent for Open Source SIEM: Wazuh, Velociraptor + CoPilot!](#vid-FHjD9QBaLD4)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=QaLrmSgEcLI" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/QaLrmSgEcLI/hqdefault.jpg" alt="AI Chatbot Now With Threat Intel, Cyber News, Knowledge Base & Attack Surface!" />
    </a>

    [AI Chatbot Now With Threat Intel, Cyber News, Knowledge Base & Attack Surface!](#vid-QaLrmSgEcLI)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=tguRiVgytso" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/tguRiVgytso/hqdefault.jpg" alt="Automate Your SOC: Triggering Alerts with Wazuh Rules via Copilot" />
    </a>

    [Automate Your SOC: Triggering Alerts with Wazuh Rules via Copilot](#vid-tguRiVgytso)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=AH1g3p8s2_o" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/AH1g3p8s2_o/hqdefault.jpg" alt="Wazuh Rule Writing With CoPilot AI Module - Handle Your Alert Flooding" />
    </a>

    [Wazuh Rule Writing With CoPilot AI Module - Handle Your Alert Flooding](#vid-AH1g3p8s2_o)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=llm3uSSUhqs" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/llm3uSSUhqs/hqdefault.jpg" alt="Mastering Wazuh's Active Response: Block Malicious IPs with CoPilot & Wazuh!" />
    </a>

    [Mastering Wazuh's Active Response: Block Malicious IPs with CoPilot & Wazuh!](#vid-llm3uSSUhqs)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=Ko5jLfkSCrk" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/Ko5jLfkSCrk/hqdefault.jpg" alt="Revolutionize Your SIEM Alerts: Integrate CoPilot & Shuffle" />
    </a>

    [Revolutionize Your SIEM Alerts: Integrate CoPilot & Shuffle](#vid-Ko5jLfkSCrk)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=GWTNA-6Z_Tk" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/GWTNA-6Z_Tk/hqdefault.jpg" alt="Tame the Noise: Sigma Exclusions in CoPilot for Velociraptor Alerts" />
    </a>

    [Tame the Noise: Sigma Exclusions in CoPilot for Velociraptor Alerts](#vid-GWTNA-6Z_Tk)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=XT1d49HTqQw" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/XT1d49HTqQw/hqdefault.jpg" alt="🚀 Master Sysmon Config Management with CoPilot & Wazuh!" />
    </a>

    [🚀 Master Sysmon Config Management with CoPilot & Wazuh!](#vid-XT1d49HTqQw)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=Ogr70DWAeTc" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/Ogr70DWAeTc/hqdefault.jpg" alt="Supercharge Wazuh Active Response with CoPilot: No More Limits!" />
    </a>

    [Supercharge Wazuh Active Response with CoPilot: No More Limits!](#vid-Ogr70DWAeTc)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=TMJOBATTK9M" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/TMJOBATTK9M/hqdefault.jpg" alt="Test Your Wazuh Detection Rules: One-Click Atomic Red Team + Velociraptor + CoPilot" />
    </a>

    [Test Your Wazuh Detection Rules: One-Click Atomic Red Team + Velociraptor + CoPilot](#vid-TMJOBATTK9M)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=tL3oNEx_3M8" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/tL3oNEx_3M8/hqdefault.jpg" alt="Simulate Linux Attacks and Tune Detection Rules with Atomic Red Team" />
    </a>

    [Simulate Linux Attacks and Tune Detection Rules with Atomic Red Team](#vid-tL3oNEx_3M8)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=MKqByrkDqZU" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/MKqByrkDqZU/hqdefault.jpg" alt="Wazuh Indexer and CoPilot Integration" />
    </a>

    [Wazuh Indexer and CoPilot Integration](#vid-MKqByrkDqZU)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=MyvPmQ4Cfb0" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/MyvPmQ4Cfb0/hqdefault.jpg" alt="Graylog and CoPilot Integration" />
    </a>

    [Graylog and CoPilot Integration](#vid-MyvPmQ4Cfb0)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=iI6yKgKC5wk" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/iI6yKgKC5wk/hqdefault.jpg" alt="Wazuh Manager and CoPilot Integration" />
    </a>

    [Wazuh Manager and CoPilot Integration](#vid-iI6yKgKC5wk)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=-Cqyczg6ELE" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/-Cqyczg6ELE/hqdefault.jpg" alt="Velociraptor and Copilot Integration" />
    </a>

    [Velociraptor and Copilot Integration](#vid--Cqyczg6ELE)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=vt6M1SzNfjE" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/vt6M1SzNfjE/hqdefault.jpg" alt="CoPilot And InfluxDB - Monitor Your SIEM Stack Servers with InfluxDB and CoPilot!" />
    </a>

    [CoPilot And InfluxDB - Monitor Your SIEM Stack Servers with InfluxDB and CoPilot!](#vid-vt6M1SzNfjE)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=n9koQ1UL-L0" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/n9koQ1UL-L0/hqdefault.jpg" alt="DFIR-IRIS and CoPilot - Bring your SOC Alerts into CoPilot" />
    </a>

    [DFIR-IRIS and CoPilot - Bring your SOC Alerts into CoPilot](#vid-n9koQ1UL-L0)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=FOOU1PQnd7g" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/FOOU1PQnd7g/hqdefault.jpg" alt="Grafana and CoPilot Integration" />
    </a>

    [Grafana and CoPilot Integration](#vid-FOOU1PQnd7g)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=ihj2F2rA6BQ" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/ihj2F2rA6BQ/hqdefault.jpg" alt="Seamless Office365 Integration with Wazuh: Simplified by Copilot" />
    </a>

    [Seamless Office365 Integration with Wazuh: Simplified by Copilot](#vid-ihj2F2rA6BQ)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=YOVUOpZDEzM" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/YOVUOpZDEzM/hqdefault.jpg" alt="Unlock Full SIEM Potential: Effortlessly Ingest Crowdstrike Events Into Your Open Source SIEM!" />
    </a>

    [Unlock Full SIEM Potential: Effortlessly Ingest Crowdstrike Events Into Your Open Source SIEM!](#vid-YOVUOpZDEzM)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=tgWRvOJX5HA" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/tgWRvOJX5HA/hqdefault.jpg" alt="CoPilot Event Shipper Configuration - Ingest 3rd Party Logs into your SIEM Stack" />
    </a>

    [CoPilot Event Shipper Configuration - Ingest 3rd Party Logs into your SIEM Stack](#vid-tgWRvOJX5HA)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=chTthkpMpTY" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/chTthkpMpTY/hqdefault.jpg" alt="Unlock Full SIEM Potential: Effortlessly Ingest DUO MFA Events Into Your Open Source SIEM!" />
    </a>

    [Unlock Full SIEM Potential: Effortlessly Ingest DUO MFA Events Into Your Open Source SIEM!](#vid-chTthkpMpTY)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=wK4aA7QrXmE" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/wK4aA7QrXmE/hqdefault.jpg" alt="New MITRE ATT&CK Integration in CoPilot – Game Changer for SOC Analysts!" />
    </a>

    [New MITRE ATT\&CK Integration in CoPilot – Game Changer for SOC Analysts!](#vid-wK4aA7QrXmE)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=O5SaFwAMMtA" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/O5SaFwAMMtA/hqdefault.jpg" alt="Supercharge Your Log Ingestion: Webhooks to SIEM Made Easy" />
    </a>

    [Supercharge Your Log Ingestion: Webhooks to SIEM Made Easy](#vid-O5SaFwAMMtA)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=FJunzP2c_mQ" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/FJunzP2c_mQ/hqdefault.jpg" alt="Auto-Enrich Wazuh Events with Threat Intel Feeds!" />
    </a>

    [Auto-Enrich Wazuh Events with Threat Intel Feeds!](#vid-FJunzP2c_mQ)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=CVVj9HRtjOE" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/CVVj9HRtjOE/hqdefault.jpg" alt="Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data" />
    </a>

    [Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data](#vid-CVVj9HRtjOE)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=G3MDJSMvnRo" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/G3MDJSMvnRo/hqdefault.jpg" alt="Simplify Cloud Security: ScoutSuite and Copilot Tutorial" />
    </a>

    [Simplify Cloud Security: ScoutSuite and Copilot Tutorial](#vid-G3MDJSMvnRo)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=Qnm9SXVJGWw" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/Qnm9SXVJGWw/hqdefault.jpg" alt="Integrate EPSS with Wazuh for Top-Notch Vulnerability Management!" />
    </a>

    [Integrate EPSS with Wazuh for Top-Notch Vulnerability Management!](#vid-Qnm9SXVJGWw)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=-SVHKuQUxlI" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/-SVHKuQUxlI/hqdefault.jpg" alt="Enhancing Web App Security: Integrating Copilot with Nuclei for Vulnerability Scanning" />
    </a>

    [Enhancing Web App Security: Integrating Copilot with Nuclei for Vulnerability Scanning](#vid--SVHKuQUxlI)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=fNybop2FTRE" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/fNybop2FTRE/hqdefault.jpg" alt="Boost CoPilot: IoCs from Wazuh + VirusTotal Enrichment" />
    </a>

    [Boost CoPilot: IoCs from Wazuh + VirusTotal Enrichment](#vid-fNybop2FTRE)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=ixxVe_9LAfQ" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/ixxVe_9LAfQ/hqdefault.jpg" alt="CoPilot + VirusTotal: Instantly Scan Files for Malware!" />
    </a>

    [CoPilot + VirusTotal: Instantly Scan Files for Malware!](#vid-ixxVe_9LAfQ)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=NUrnlTvLzVk" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/NUrnlTvLzVk/hqdefault.jpg" alt="CoPilot Supercharges Wazuh with SCA & Vulnerability Overviews" />
    </a>

    [CoPilot Supercharges Wazuh with SCA & Vulnerability Overviews](#vid-NUrnlTvLzVk)
    <div class="sf-thumb-meta">Best for: Both</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=hC0JHY5WF-U" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/hC0JHY5WF-U/hqdefault.jpg" alt="Wazuh Dashboards in Grafana & Customer Provisioning in CoPilot!" />
    </a>

    [Wazuh Dashboards in Grafana & Customer Provisioning in CoPilot!](#vid-hC0JHY5WF-U)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=9xHr5-Wlypw" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/9xHr5-Wlypw/hqdefault.jpg" alt="Create Custom PDF Reports in Grafana Detailing Security Events | Share with Your Clients!" />
    </a>

    [Create Custom PDF Reports in Grafana Detailing Security Events | Share with Your Clients!](#vid-9xHr5-Wlypw)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>

  <div class="sf-thumb-card" markdown>
    <a href="https://www.youtube.com/watch?v=_bvFejcFwFM" target="_blank" rel="noopener">
      <img src="https://img.youtube.com/vi/_bvFejcFwFM/hqdefault.jpg" alt="A Customer Portal for Your Open-Source SIEM Stack" />
    </a>

    [A Customer Portal for Your Open-Source SIEM Stack](#vid-_bvFejcFwFM)
    <div class="sf-thumb-meta">Best for: Admin-Engineer</div>
  </div>
</div>

***

## How to use this page

* Start with the section that matches your role.
* Videos labeled **Best for: Both** appear in *both* tracks below (by design).

<a id="operator-track" />

## Operator Track (SOC operators / analysts)

Alert triage, case work, investigations, and day-to-day SOC workflows.

### Core SOC Workflows: Alerting, Case Management, and Investigations

<a id="vid-euFrHP0VkD8" />

#### Wazuh Content Pack For Graylog - Easily Configure Your SOCFortress SIEM Stack

* Link: [https://www.youtube.com/watch?v=euFrHP0VkD8](https://www.youtube.com/watch?v=euFrHP0VkD8)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Shows connector setup steps and validation inside CoPilot.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Graylog connector, Grafana integration, Incident management, Alert triage UI

<a id="vid-ffAnV31Ne54" />

#### Wazuh Security Configuration Assessment and CoPilot - Are Your Endpoints Compliant?

* Link: [https://www.youtube.com/watch?v=ffAnV31Ne54](https://www.youtube.com/watch?v=ffAnV31Ne54)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Shows practical filtering/search techniques for triage speed.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, SCA visibility, Incident management, Alert triage UI

<a id="vid-3p6qiH9UF8U" />

#### Powerful Wazuh Alert Management With CoPilot!

* Link: [https://www.youtube.com/watch?v=3p6qiH9UF8U](https://www.youtube.com/watch?v=3p6qiH9UF8U)
* Best for: Operator
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Breaks down alert lifecycle handling and practical techniques for reducing analyst overload.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Built-in case management, Incident management, Alert triage UI

<a id="vid-GwPyKM2X1EM" />

#### Introducing the Datastore in CoPilot: Upload Artifacts into Cases with Ease

* Link: [https://www.youtube.com/watch?v=GwPyKM2X1EM](https://www.youtube.com/watch?v=GwPyKM2X1EM)
* Best for: Operator
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Demonstrates uploading and attaching investigation artifacts directly into cases for evidence continuity.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Case datastore/artifact uploads, Incident management, Alert triage UI

<a id="vid-S2ELWusHcxA" />

#### Supercharge Open-Source Cybersecurity: Velociraptor + Sigma for Your SIEM

* Link: [https://www.youtube.com/watch?v=S2ELWusHcxA](https://www.youtube.com/watch?v=S2ELWusHcxA)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Sigma rule workflow, SCA visibility, Incident management, Alert triage UI

<a id="vid-l9OLtgemYOQ" />

#### Open Source SIEM Response | Dynamic Endpoint Actions with SOCFortress CoPilot

* Link: [https://www.youtube.com/watch?v=l9OLtgemYOQ](https://www.youtube.com/watch?v=l9OLtgemYOQ)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Active response automation, Vulnerability visibility, Incident management, Alert triage UI

<a id="vid-R_pG1Gx_7O8" />

#### Endpoint Investigation Made Easier: New Velociraptor Features in SOCFORTRESS CoPilot

* Link: [https://www.youtube.com/watch?v=R\_pG1Gx\_7O8](https://www.youtube.com/watch?v=R_pG1Gx_7O8)
* Best for: Operator
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Connects alert context to endpoint/asset details for analyst decision making.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Incident management, Alert triage UI

### AI Analyst and Assistant Workflows

<a id="vid--2srPC-Dw-0" />

#### AI Analyst for Wazuh Alerts: Revolutionize Your SOC with SOCFortress Copilot!

* Link: [https://www.youtube.com/watch?v=-2srPC-Dw-0](https://www.youtube.com/watch?v=-2srPC-Dw-0)
* Best for: Both
* What you learn:
  * Demonstrates natural-language investigation workflows that reduce manual querying in backend systems.
  * Shows how AI responses can accelerate common SOC questions and operational checks.
  * Covers the boundary between assisted analysis and operator validation for reliable decisions.
  * Shows guided querying against CoPilot and backend systems using natural language prompts.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Connects alert context to endpoint/asset details for analyst decision making.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, AI analyst, AI-assisted investigation

<a id="vid-FHjD9QBaLD4" />

#### AI Agent for Open Source SIEM: Wazuh, Velociraptor + CoPilot!

* Link: [https://www.youtube.com/watch?v=FHjD9QBaLD4](https://www.youtube.com/watch?v=FHjD9QBaLD4)
* Best for: Both
* What you learn:
  * Demonstrates natural-language investigation workflows that reduce manual querying in backend systems.
  * Shows how AI responses can accelerate common SOC questions and operational checks.
  * Covers the boundary between assisted analysis and operator validation for reliable decisions.
  * Shows guided querying against CoPilot and backend systems using natural language prompts.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Velociraptor integration, AI agent, AI-assisted investigation

<a id="vid-QaLrmSgEcLI" />

#### AI Chatbot Now With Threat Intel, Cyber News, Knowledge Base & Attack Surface!

* Link: [https://www.youtube.com/watch?v=QaLrmSgEcLI](https://www.youtube.com/watch?v=QaLrmSgEcLI)
* Best for: Both
* What you learn:
  * Demonstrates natural-language investigation workflows that reduce manual querying in backend systems.
  * Shows how AI responses can accelerate common SOC questions and operational checks.
  * Covers the boundary between assisted analysis and operator validation for reliable decisions.
  * Shows guided querying against CoPilot and backend systems using natural language prompts.
  * Explains how index/search data is selected and mapped for operations.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, AI chatbot, AI-assisted investigation

### Detection Engineering and Response Automation

<a id="vid-tguRiVgytso" />

#### Automate Your SOC: Triggering Alerts with Wazuh Rules via Copilot

* Link: [https://www.youtube.com/watch?v=tguRiVgytso](https://www.youtube.com/watch?v=tguRiVgytso)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows connector setup steps and validation inside CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Detection tuning

<a id="vid-AH1g3p8s2_o" />

#### Wazuh Rule Writing With CoPilot AI Module - Handle Your Alert Flooding

* Link: [https://www.youtube.com/watch?v=AH1g3p8s2\_o](https://www.youtube.com/watch?v=AH1g3p8s2_o)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows rule editing/tuning workflow so detections can be refined without leaving CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Detection tuning

<a id="vid-llm3uSSUhqs" />

#### Mastering Wazuh's Active Response: Block Malicious IPs with CoPilot & Wazuh!

* Link: [https://www.youtube.com/watch?v=llm3uSSUhqs](https://www.youtube.com/watch?v=llm3uSSUhqs)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Demonstrates response actions tied to detections, including safer execution and control boundaries.
  * Highlights required service reload/restart points after configuration changes.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Active response automation, Detection tuning

<a id="vid-Ko5jLfkSCrk" />

#### Revolutionize Your SIEM Alerts: Integrate CoPilot & Shuffle

* Link: [https://www.youtube.com/watch?v=Ko5jLfkSCrk](https://www.youtube.com/watch?v=Ko5jLfkSCrk)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows SOC automation orchestration by connecting CoPilot-driven alerts with Shuffle playbooks.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Shuffle SOAR integration, Detection tuning

<a id="vid-GWTNA-6Z_Tk" />

#### Tame the Noise: Sigma Exclusions in CoPilot for Velociraptor Alerts

* Link: [https://www.youtube.com/watch?v=GWTNA-6Z\_Tk](https://www.youtube.com/watch?v=GWTNA-6Z_Tk)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Sigma rule workflow, Sysmon config management, Detection tuning

<a id="vid-XT1d49HTqQw" />

#### 🚀 Master Sysmon Config Management with CoPilot & Wazuh!

* Link: [https://www.youtube.com/watch?v=XT1d49HTqQw](https://www.youtube.com/watch?v=XT1d49HTqQw)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows connector setup steps and validation inside CoPilot.
  * Highlights required service reload/restart points after configuration changes.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Sysmon config management, Detection tuning

<a id="vid-Ogr70DWAeTc" />

#### Supercharge Wazuh Active Response with CoPilot: No More Limits!

* Link: [https://www.youtube.com/watch?v=Ogr70DWAeTc](https://www.youtube.com/watch?v=Ogr70DWAeTc)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Demonstrates response actions tied to detections, including safer execution and control boundaries.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Active response automation, Detection tuning

<a id="vid-TMJOBATTK9M" />

#### Test Your Wazuh Detection Rules: One-Click Atomic Red Team + Velociraptor + CoPilot

* Link: [https://www.youtube.com/watch?v=TMJOBATTK9M](https://www.youtube.com/watch?v=TMJOBATTK9M)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows rule editing/tuning workflow so detections can be refined without leaving CoPilot.
  * Uses adversary simulation to validate that detection logic and alert routing behave as expected.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Shows practical filtering/search techniques for triage speed.
* Key CoPilot features shown: Wazuh integration, Velociraptor integration, Atomic Red Team testing, Detection rule management, Detection tuning

<a id="vid-tL3oNEx_3M8" />

#### Simulate Linux Attacks and Tune Detection Rules with Atomic Red Team

* Link: [https://www.youtube.com/watch?v=tL3oNEx\_3M8](https://www.youtube.com/watch?v=tL3oNEx_3M8)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows rule editing/tuning workflow so detections can be refined without leaving CoPilot.
  * Uses adversary simulation to validate that detection logic and alert routing behave as expected.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
* Key CoPilot features shown: Atomic Red Team testing, Detection rule management, Detection tuning

### Threat Intelligence, Vulnerability, and Security Posture

<a id="vid-FJunzP2c_mQ" />

#### Auto-Enrich Wazuh Events with Threat Intel Feeds!

* Link: [https://www.youtube.com/watch?v=FJunzP2c\_mQ](https://www.youtube.com/watch?v=FJunzP2c_mQ)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Enrichment workflows

<a id="vid-CVVj9HRtjOE" />

#### Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data

* Link: [https://www.youtube.com/watch?v=CVVj9HRtjOE](https://www.youtube.com/watch?v=CVVj9HRtjOE)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Enrichment workflows

<a id="vid-G3MDJSMvnRo" />

#### Simplify Cloud Security: ScoutSuite and Copilot Tutorial

* Link: [https://www.youtube.com/watch?v=G3MDJSMvnRo](https://www.youtube.com/watch?v=G3MDJSMvnRo)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: SCA visibility, Enrichment workflows

<a id="vid-Qnm9SXVJGWw" />

#### Integrate EPSS with Wazuh for Top-Notch Vulnerability Management!

* Link: [https://www.youtube.com/watch?v=Qnm9SXVJGWw](https://www.youtube.com/watch?v=Qnm9SXVJGWw)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, EPSS enrichment, Vulnerability visibility, Enrichment workflows

<a id="vid--SVHKuQUxlI" />

#### Enhancing Web App Security: Integrating Copilot with Nuclei for Vulnerability Scanning

* Link: [https://www.youtube.com/watch?v=-SVHKuQUxlI](https://www.youtube.com/watch?v=-SVHKuQUxlI)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Walks through Docker Compose or service-level deployment changes.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: DUO MFA ingestion, Nuclei scanning integration, SCA visibility, Vulnerability visibility, Enrichment workflows

<a id="vid-fNybop2FTRE" />

#### Boost CoPilot: IoCs from Wazuh + VirusTotal Enrichment

* Link: [https://www.youtube.com/watch?v=fNybop2FTRE](https://www.youtube.com/watch?v=fNybop2FTRE)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Shows malware/IoC enrichment flow and how reputation context changes triage decisions.
  * Shows connector setup steps and validation inside CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, VirusTotal enrichment, Enrichment workflows

<a id="vid-ixxVe_9LAfQ" />

#### CoPilot + VirusTotal: Instantly Scan Files for Malware!

* Link: [https://www.youtube.com/watch?v=ixxVe\_9LAfQ](https://www.youtube.com/watch?v=ixxVe_9LAfQ)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Shows malware/IoC enrichment flow and how reputation context changes triage decisions.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Shows connector setup steps and validation inside CoPilot.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: VirusTotal enrichment, SCA visibility, Enrichment workflows

<a id="vid-NUrnlTvLzVk" />

#### CoPilot Supercharges Wazuh with SCA & Vulnerability Overviews

* Link: [https://www.youtube.com/watch?v=NUrnlTvLzVk](https://www.youtube.com/watch?v=NUrnlTvLzVk)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Explains how index/search data is selected and mapped for operations.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Shows practical filtering/search techniques for triage speed.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, SCA visibility, Vulnerability visibility, Enrichment workflows

<a id="adminengineer-track" />

## Admin/Engineer Track (admins / engineers)

Connecting sources, configuring integrations, tuning detections, reporting, and platform operations.

### Start Here: Platform Overview and Installation

<a id="vid-qQbex2zAhWI" />

#### Copilot - Your Open Source Security Integrator

* Link: [https://www.youtube.com/watch?v=qQbex2zAhWI](https://www.youtube.com/watch?v=qQbex2zAhWI)
* Best for: Admin-Engineer
* What you learn:
  * Provides a guided orientation of CoPilot capabilities and where each module fits in day-to-day SOC operations.
  * Shows installation or upgrade flow with emphasis on prerequisites and expected post-install state.
  * Clarifies how CoPilot becomes the control plane across open-source SIEM and investigation tooling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
  * Provides a concise end-to-end example that connects configuration, validation, and operational usage.
* Key CoPilot features shown: Platform onboarding

<a id="vid-CQolYA30Gls" />

#### Copilot - Your Next Open Source Security Tool

* Link: [https://www.youtube.com/watch?v=CQolYA30Gls](https://www.youtube.com/watch?v=CQolYA30Gls)
* Best for: Admin-Engineer
* What you learn:
  * Provides a guided orientation of CoPilot capabilities and where each module fits in day-to-day SOC operations.
  * Shows installation or upgrade flow with emphasis on prerequisites and expected post-install state.
  * Clarifies how CoPilot becomes the control plane across open-source SIEM and investigation tooling.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Grafana integration, Shuffle SOAR integration, Platform onboarding

<a id="vid-seITDGXAiJw" />

#### CoPilot Install

* Link: [https://www.youtube.com/watch?v=seITDGXAiJw](https://www.youtube.com/watch?v=seITDGXAiJw)
* Best for: Admin-Engineer
* What you learn:
  * Provides a guided orientation of CoPilot capabilities and where each module fits in day-to-day SOC operations.
  * Shows installation or upgrade flow with emphasis on prerequisites and expected post-install state.
  * Clarifies how CoPilot becomes the control plane across open-source SIEM and investigation tooling.
  * Covers install/upgrade checkpoints and common misconfiguration pitfalls during initial setup.
  * Shows connector setup steps and validation inside CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Explains how index/search data is selected and mapped for operations.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Platform onboarding

<a id="vid-7dUHSMWWTuY" />

#### CoPilot Install -- Final Update (I Hope)

* Link: [https://www.youtube.com/watch?v=7dUHSMWWTuY](https://www.youtube.com/watch?v=7dUHSMWWTuY)
* Best for: Admin-Engineer
* What you learn:
  * Provides a guided orientation of CoPilot capabilities and where each module fits in day-to-day SOC operations.
  * Shows installation or upgrade flow with emphasis on prerequisites and expected post-install state.
  * Clarifies how CoPilot becomes the control plane across open-source SIEM and investigation tooling.
  * Covers install/upgrade checkpoints and common misconfiguration pitfalls during initial setup.
  * Shows connector setup steps and validation inside CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Highlights required service reload/restart points after configuration changes.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Grafana integration, Platform onboarding

### Core SOC Workflows: Alerting, Case Management, and Investigations

<a id="vid-euFrHP0VkD8" />

#### Wazuh Content Pack For Graylog - Easily Configure Your SOCFortress SIEM Stack

* Link: [https://www.youtube.com/watch?v=euFrHP0VkD8](https://www.youtube.com/watch?v=euFrHP0VkD8)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Shows connector setup steps and validation inside CoPilot.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Graylog connector, Grafana integration, Incident management, Alert triage UI

<a id="vid-ffAnV31Ne54" />

#### Wazuh Security Configuration Assessment and CoPilot - Are Your Endpoints Compliant?

* Link: [https://www.youtube.com/watch?v=ffAnV31Ne54](https://www.youtube.com/watch?v=ffAnV31Ne54)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Shows practical filtering/search techniques for triage speed.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, SCA visibility, Incident management, Alert triage UI

<a id="vid-S2ELWusHcxA" />

#### Supercharge Open-Source Cybersecurity: Velociraptor + Sigma for Your SIEM

* Link: [https://www.youtube.com/watch?v=S2ELWusHcxA](https://www.youtube.com/watch?v=S2ELWusHcxA)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Sigma rule workflow, SCA visibility, Incident management, Alert triage UI

<a id="vid-31lCr80-NVM" />

#### Manage Wazuh Detection Rules with CoPilot

* Link: [https://www.youtube.com/watch?v=31lCr80-NVM](https://www.youtube.com/watch?v=31lCr80-NVM)
* Best for: Admin-Engineer
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Shows rule editing/tuning workflow so detections can be refined without leaving CoPilot.
  * Highlights required service reload/restart points after configuration changes.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Detection rule management, Incident management, Alert triage UI

<a id="vid-l9OLtgemYOQ" />

#### Open Source SIEM Response | Dynamic Endpoint Actions with SOCFortress CoPilot

* Link: [https://www.youtube.com/watch?v=l9OLtgemYOQ](https://www.youtube.com/watch?v=l9OLtgemYOQ)
* Best for: Both
* What you learn:
  * Walks through core alert-to-case workflow so analysts can move from detection to tracked investigation quickly.
  * Shows how context (customer, asset, enrichment data) is surfaced to reduce triage friction.
  * Demonstrates practical UI actions for prioritization, ownership, and investigation progress tracking.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Active response automation, Vulnerability visibility, Incident management, Alert triage UI

### AI Analyst and Assistant Workflows

<a id="vid--2srPC-Dw-0" />

#### AI Analyst for Wazuh Alerts: Revolutionize Your SOC with SOCFortress Copilot!

* Link: [https://www.youtube.com/watch?v=-2srPC-Dw-0](https://www.youtube.com/watch?v=-2srPC-Dw-0)
* Best for: Both
* What you learn:
  * Demonstrates natural-language investigation workflows that reduce manual querying in backend systems.
  * Shows how AI responses can accelerate common SOC questions and operational checks.
  * Covers the boundary between assisted analysis and operator validation for reliable decisions.
  * Shows guided querying against CoPilot and backend systems using natural language prompts.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Connects alert context to endpoint/asset details for analyst decision making.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, AI analyst, AI-assisted investigation

<a id="vid-FHjD9QBaLD4" />

#### AI Agent for Open Source SIEM: Wazuh, Velociraptor + CoPilot!

* Link: [https://www.youtube.com/watch?v=FHjD9QBaLD4](https://www.youtube.com/watch?v=FHjD9QBaLD4)
* Best for: Both
* What you learn:
  * Demonstrates natural-language investigation workflows that reduce manual querying in backend systems.
  * Shows how AI responses can accelerate common SOC questions and operational checks.
  * Covers the boundary between assisted analysis and operator validation for reliable decisions.
  * Shows guided querying against CoPilot and backend systems using natural language prompts.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Velociraptor integration, AI agent, AI-assisted investigation

<a id="vid-QaLrmSgEcLI" />

#### AI Chatbot Now With Threat Intel, Cyber News, Knowledge Base & Attack Surface!

* Link: [https://www.youtube.com/watch?v=QaLrmSgEcLI](https://www.youtube.com/watch?v=QaLrmSgEcLI)
* Best for: Both
* What you learn:
  * Demonstrates natural-language investigation workflows that reduce manual querying in backend systems.
  * Shows how AI responses can accelerate common SOC questions and operational checks.
  * Covers the boundary between assisted analysis and operator validation for reliable decisions.
  * Shows guided querying against CoPilot and backend systems using natural language prompts.
  * Explains how index/search data is selected and mapped for operations.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, AI chatbot, AI-assisted investigation

### Detection Engineering and Response Automation

<a id="vid-tguRiVgytso" />

#### Automate Your SOC: Triggering Alerts with Wazuh Rules via Copilot

* Link: [https://www.youtube.com/watch?v=tguRiVgytso](https://www.youtube.com/watch?v=tguRiVgytso)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows connector setup steps and validation inside CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Detection tuning

<a id="vid-AH1g3p8s2_o" />

#### Wazuh Rule Writing With CoPilot AI Module - Handle Your Alert Flooding

* Link: [https://www.youtube.com/watch?v=AH1g3p8s2\_o](https://www.youtube.com/watch?v=AH1g3p8s2_o)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows rule editing/tuning workflow so detections can be refined without leaving CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Detection tuning

<a id="vid-llm3uSSUhqs" />

#### Mastering Wazuh's Active Response: Block Malicious IPs with CoPilot & Wazuh!

* Link: [https://www.youtube.com/watch?v=llm3uSSUhqs](https://www.youtube.com/watch?v=llm3uSSUhqs)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Demonstrates response actions tied to detections, including safer execution and control boundaries.
  * Highlights required service reload/restart points after configuration changes.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Active response automation, Detection tuning

<a id="vid-Ko5jLfkSCrk" />

#### Revolutionize Your SIEM Alerts: Integrate CoPilot & Shuffle

* Link: [https://www.youtube.com/watch?v=Ko5jLfkSCrk](https://www.youtube.com/watch?v=Ko5jLfkSCrk)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows SOC automation orchestration by connecting CoPilot-driven alerts with Shuffle playbooks.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Shuffle SOAR integration, Detection tuning

<a id="vid-GWTNA-6Z_Tk" />

#### Tame the Noise: Sigma Exclusions in CoPilot for Velociraptor Alerts

* Link: [https://www.youtube.com/watch?v=GWTNA-6Z\_Tk](https://www.youtube.com/watch?v=GWTNA-6Z_Tk)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Sigma rule workflow, Sysmon config management, Detection tuning

<a id="vid-XT1d49HTqQw" />

#### 🚀 Master Sysmon Config Management with CoPilot & Wazuh!

* Link: [https://www.youtube.com/watch?v=XT1d49HTqQw](https://www.youtube.com/watch?v=XT1d49HTqQw)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows connector setup steps and validation inside CoPilot.
  * Highlights required service reload/restart points after configuration changes.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Sysmon config management, Detection tuning

<a id="vid-Ogr70DWAeTc" />

#### Supercharge Wazuh Active Response with CoPilot: No More Limits!

* Link: [https://www.youtube.com/watch?v=Ogr70DWAeTc](https://www.youtube.com/watch?v=Ogr70DWAeTc)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Demonstrates response actions tied to detections, including safer execution and control boundaries.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Active response automation, Detection tuning

<a id="vid-TMJOBATTK9M" />

#### Test Your Wazuh Detection Rules: One-Click Atomic Red Team + Velociraptor + CoPilot

* Link: [https://www.youtube.com/watch?v=TMJOBATTK9M](https://www.youtube.com/watch?v=TMJOBATTK9M)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows rule editing/tuning workflow so detections can be refined without leaving CoPilot.
  * Uses adversary simulation to validate that detection logic and alert routing behave as expected.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Shows practical filtering/search techniques for triage speed.
* Key CoPilot features shown: Wazuh integration, Velociraptor integration, Atomic Red Team testing, Detection rule management, Detection tuning

<a id="vid-tL3oNEx_3M8" />

#### Simulate Linux Attacks and Tune Detection Rules with Atomic Red Team

* Link: [https://www.youtube.com/watch?v=tL3oNEx\_3M8](https://www.youtube.com/watch?v=tL3oNEx_3M8)
* Best for: Both
* What you learn:
  * Shows how to move from static detections to repeatable engineering workflows for better signal quality.
  * Demonstrates automation patterns that reduce repetitive analyst actions during containment and response.
  * Covers testing/tuning loops so rule or response changes can be validated before broad rollout.
  * Shows rule editing/tuning workflow so detections can be refined without leaving CoPilot.
  * Uses adversary simulation to validate that detection logic and alert routing behave as expected.
  * Highlights required service reload/restart points after configuration changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
* Key CoPilot features shown: Atomic Red Team testing, Detection rule management, Detection tuning

### Integrations and Log Ingestion

<a id="vid-MKqByrkDqZU" />

#### Wazuh Indexer and CoPilot Integration

* Link: [https://www.youtube.com/watch?v=MKqByrkDqZU](https://www.youtube.com/watch?v=MKqByrkDqZU)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Explains how index/search data is selected and mapped for operations.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Connector onboarding

<a id="vid-MyvPmQ4Cfb0" />

#### Graylog and CoPilot Integration

* Link: [https://www.youtube.com/watch?v=MyvPmQ4Cfb0](https://www.youtube.com/watch?v=MyvPmQ4Cfb0)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Graylog connector, Connector onboarding

<a id="vid-iI6yKgKC5wk" />

#### Wazuh Manager and CoPilot Integration

* Link: [https://www.youtube.com/watch?v=iI6yKgKC5wk](https://www.youtube.com/watch?v=iI6yKgKC5wk)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Connector onboarding

<a id="vid--Cqyczg6ELE" />

#### Velociraptor and Copilot Integration

* Link: [https://www.youtube.com/watch?v=-Cqyczg6ELE](https://www.youtube.com/watch?v=-Cqyczg6ELE)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Velociraptor integration, Connector onboarding

<a id="vid-vt6M1SzNfjE" />

#### CoPilot And InfluxDB - Monitor Your SIEM Stack Servers with InfluxDB and CoPilot!

* Link: [https://www.youtube.com/watch?v=vt6M1SzNfjE](https://www.youtube.com/watch?v=vt6M1SzNfjE)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Grafana integration, InfluxDB metrics integration, Connector onboarding

<a id="vid-n9koQ1UL-L0" />

#### DFIR-IRIS and CoPilot - Bring your SOC Alerts into CoPilot

* Link: [https://www.youtube.com/watch?v=n9koQ1UL-L0](https://www.youtube.com/watch?v=n9koQ1UL-L0)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Built-in case management, SCA visibility, Connector onboarding

<a id="vid-FOOU1PQnd7g" />

#### Grafana and CoPilot Integration

* Link: [https://www.youtube.com/watch?v=FOOU1PQnd7g](https://www.youtube.com/watch?v=FOOU1PQnd7g)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Grafana integration, Connector onboarding

<a id="vid-ihj2F2rA6BQ" />

#### Seamless Office365 Integration with Wazuh: Simplified by Copilot

* Link: [https://www.youtube.com/watch?v=ihj2F2rA6BQ](https://www.youtube.com/watch?v=ihj2F2rA6BQ)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Office 365 connector, Connector onboarding

<a id="vid-YOVUOpZDEzM" />

#### Unlock Full SIEM Potential: Effortlessly Ingest Crowdstrike Events Into Your Open Source SIEM!

* Link: [https://www.youtube.com/watch?v=YOVUOpZDEzM](https://www.youtube.com/watch?v=YOVUOpZDEzM)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Demonstrates scalable ingestion patterns for third-party events into the security data pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Highlights required service reload/restart points after configuration changes.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: CrowdStrike ingestion, Customer portal, Connector onboarding

<a id="vid-tgWRvOJX5HA" />

#### CoPilot Event Shipper Configuration - Ingest 3rd Party Logs into your SIEM Stack

* Link: [https://www.youtube.com/watch?v=tgWRvOJX5HA](https://www.youtube.com/watch?v=tgWRvOJX5HA)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Demonstrates scalable ingestion patterns for third-party events into the security data pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: DUO MFA ingestion, Event shipper, Connector onboarding

<a id="vid-chTthkpMpTY" />

#### Unlock Full SIEM Potential: Effortlessly Ingest DUO MFA Events Into Your Open Source SIEM!

* Link: [https://www.youtube.com/watch?v=chTthkpMpTY](https://www.youtube.com/watch?v=chTthkpMpTY)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Demonstrates scalable ingestion patterns for third-party events into the security data pipeline.
  * Walks through Docker Compose or service-level deployment changes.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: DUO MFA ingestion, Event shipper, Connector onboarding

<a id="vid-wK4aA7QrXmE" />

#### New MITRE ATT\&CK Integration in CoPilot – Game Changer for SOC Analysts!

* Link: [https://www.youtube.com/watch?v=wK4aA7QrXmE](https://www.youtube.com/watch?v=wK4aA7QrXmE)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Explains ATT\&CK mapping benefits for investigation context and coverage discussions.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: MITRE ATT\&CK mapping, Connector onboarding

<a id="vid-O5SaFwAMMtA" />

#### Supercharge Your Log Ingestion: Webhooks to SIEM Made Easy

* Link: [https://www.youtube.com/watch?v=O5SaFwAMMtA](https://www.youtube.com/watch?v=O5SaFwAMMtA)
* Best for: Admin-Engineer
* What you learn:
  * Explains how to onboard external log sources and integrations into a consistent CoPilot workflow.
  * Shows field mapping and source-specific considerations so data arrives usable for alerting and triage.
  * Demonstrates validation steps to confirm events are flowing end-to-end into the SIEM/CoPilot pipeline.
  * Demonstrates scalable ingestion patterns for third-party events into the security data pipeline.
  * Shows connector setup steps and validation inside CoPilot.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Webhook ingestion pipeline, Shuffle SOAR integration, Connector onboarding

### Threat Intelligence, Vulnerability, and Security Posture

<a id="vid-FJunzP2c_mQ" />

#### Auto-Enrich Wazuh Events with Threat Intel Feeds!

* Link: [https://www.youtube.com/watch?v=FJunzP2c\_mQ](https://www.youtube.com/watch?v=FJunzP2c_mQ)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Enrichment workflows

<a id="vid-CVVj9HRtjOE" />

#### Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data

* Link: [https://www.youtube.com/watch?v=CVVj9HRtjOE](https://www.youtube.com/watch?v=CVVj9HRtjOE)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, Enrichment workflows

<a id="vid-G3MDJSMvnRo" />

#### Simplify Cloud Security: ScoutSuite and Copilot Tutorial

* Link: [https://www.youtube.com/watch?v=G3MDJSMvnRo](https://www.youtube.com/watch?v=G3MDJSMvnRo)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: SCA visibility, Enrichment workflows

<a id="vid-Qnm9SXVJGWw" />

#### Integrate EPSS with Wazuh for Top-Notch Vulnerability Management!

* Link: [https://www.youtube.com/watch?v=Qnm9SXVJGWw](https://www.youtube.com/watch?v=Qnm9SXVJGWw)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Wazuh integration, EPSS enrichment, Vulnerability visibility, Enrichment workflows

<a id="vid--SVHKuQUxlI" />

#### Enhancing Web App Security: Integrating Copilot with Nuclei for Vulnerability Scanning

* Link: [https://www.youtube.com/watch?v=-SVHKuQUxlI](https://www.youtube.com/watch?v=-SVHKuQUxlI)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Walks through Docker Compose or service-level deployment changes.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: DUO MFA ingestion, Nuclei scanning integration, SCA visibility, Vulnerability visibility, Enrichment workflows

<a id="vid-fNybop2FTRE" />

#### Boost CoPilot: IoCs from Wazuh + VirusTotal Enrichment

* Link: [https://www.youtube.com/watch?v=fNybop2FTRE](https://www.youtube.com/watch?v=fNybop2FTRE)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Shows malware/IoC enrichment flow and how reputation context changes triage decisions.
  * Shows connector setup steps and validation inside CoPilot.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, VirusTotal enrichment, Enrichment workflows

<a id="vid-ixxVe_9LAfQ" />

#### CoPilot + VirusTotal: Instantly Scan Files for Malware!

* Link: [https://www.youtube.com/watch?v=ixxVe\_9LAfQ](https://www.youtube.com/watch?v=ixxVe_9LAfQ)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Shows malware/IoC enrichment flow and how reputation context changes triage decisions.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Shows connector setup steps and validation inside CoPilot.
  * Uses API-driven actions to push, pull, or validate security operations data.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: VirusTotal enrichment, SCA visibility, Enrichment workflows

<a id="vid-NUrnlTvLzVk" />

#### CoPilot Supercharges Wazuh with SCA & Vulnerability Overviews

* Link: [https://www.youtube.com/watch?v=NUrnlTvLzVk](https://www.youtube.com/watch?v=NUrnlTvLzVk)
* Best for: Both
* What you learn:
  * Shows how enrichment data is layered onto alerts to improve confidence and prioritization.
  * Demonstrates workflows for vulnerability, exposure, or threat context inside CoPilot operations.
  * Highlights how analysts can convert external intelligence into actionable triage or response steps.
  * Connects exposure data to prioritization so teams can address the highest-risk items first.
  * Explains how index/search data is selected and mapped for operations.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Shows practical filtering/search techniques for triage speed.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, SCA visibility, Vulnerability visibility, Enrichment workflows

### Operations, Reporting, and Customer Experience

<a id="vid-hC0JHY5WF-U" />

#### Wazuh Dashboards in Grafana & Customer Provisioning in CoPilot!

* Link: [https://www.youtube.com/watch?v=hC0JHY5WF-U](https://www.youtube.com/watch?v=hC0JHY5WF-U)
* Best for: Admin-Engineer
* What you learn:
  * Focuses on operational maturity features for customer-facing SOC delivery and service consistency.
  * Shows how to package and present outcomes for stakeholders with less manual effort.
  * Demonstrates platform workflows that improve repeatability across customers and analysts.
  * Shows reporting/dashboard workflows to communicate security posture and outcomes clearly.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Explains how index/search data is selected and mapped for operations.
  * Covers rule logic, filtering, or tuning considerations for higher-fidelity detections.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Wazuh integration, Grafana integration, Multi-tenant operations

<a id="vid-9xHr5-Wlypw" />

#### Create Custom PDF Reports in Grafana Detailing Security Events | Share with Your Clients!

* Link: [https://www.youtube.com/watch?v=9xHr5-Wlypw](https://www.youtube.com/watch?v=9xHr5-Wlypw)
* Best for: Admin-Engineer
* What you learn:
  * Focuses on operational maturity features for customer-facing SOC delivery and service consistency.
  * Shows how to package and present outcomes for stakeholders with less manual effort.
  * Demonstrates platform workflows that improve repeatability across customers and analysts.
  * Shows reporting/dashboard workflows to communicate security posture and outcomes clearly.
  * Shows connector setup steps and validation inside CoPilot.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
  * Emphasizes outcomes analysts/admins should verify after each configuration or workflow change.
* Key CoPilot features shown: Grafana integration, Reporting workflow, Multi-tenant operations

<a id="vid-_bvFejcFwFM" />

#### A Customer Portal for Your Open-Source SIEM Stack

* Link: [https://www.youtube.com/watch?v=\_bvFejcFwFM](https://www.youtube.com/watch?v=_bvFejcFwFM)
* Best for: Admin-Engineer
* What you learn:
  * Focuses on operational maturity features for customer-facing SOC delivery and service consistency.
  * Shows how to package and present outcomes for stakeholders with less manual effort.
  * Demonstrates platform workflows that improve repeatability across customers and analysts.
  * Introduces customer-facing portal workflows for transparent, self-service visibility.
  * Walks through Docker Compose or service-level deployment changes.
  * Demonstrates alert flow from detection source into CoPilot incident views.
  * Demonstrates customer-aware workflows and tenant context handling.
  * Includes practical walkthrough steps that can be replicated in production-like SOC environments.
* Key CoPilot features shown: Customer portal, Multi-tenant operations

## Index (all videos)

* [Copilot - Your Open Source Security Integrator](https://www.youtube.com/watch?v=qQbex2zAhWI) — *Best for: Admin-Engineer*
* [Copilot - Your Next Open Source Security Tool](https://www.youtube.com/watch?v=CQolYA30Gls) — *Best for: Admin-Engineer*
* [CoPilot Install](https://www.youtube.com/watch?v=seITDGXAiJw) — *Best for: Admin-Engineer*
* [CoPilot Install -- Final Update (I Hope)](https://www.youtube.com/watch?v=7dUHSMWWTuY) — *Best for: Admin-Engineer*
* [Wazuh Content Pack For Graylog - Easily Configure Your SOCFortress SIEM Stack](https://www.youtube.com/watch?v=euFrHP0VkD8) — *Best for: Both*
* [Wazuh Security Configuration Assessment and CoPilot - Are Your Endpoints Compliant?](https://www.youtube.com/watch?v=ffAnV31Ne54) — *Best for: Both*
* [Powerful Wazuh Alert Management With CoPilot!](https://www.youtube.com/watch?v=3p6qiH9UF8U) — *Best for: Operator*
* [Introducing the Datastore in CoPilot: Upload Artifacts into Cases with Ease](https://www.youtube.com/watch?v=GwPyKM2X1EM) — *Best for: Operator*
* [Supercharge Open-Source Cybersecurity: Velociraptor + Sigma for Your SIEM](https://www.youtube.com/watch?v=S2ELWusHcxA) — *Best for: Both*
* [Manage Wazuh Detection Rules with CoPilot](https://www.youtube.com/watch?v=31lCr80-NVM) — *Best for: Admin-Engineer*
* [Open Source SIEM Response | Dynamic Endpoint Actions with SOCFortress CoPilot](https://www.youtube.com/watch?v=l9OLtgemYOQ) — *Best for: Both*
* [Endpoint Investigation Made Easier: New Velociraptor Features in SOCFORTRESS CoPilot](https://www.youtube.com/watch?v=R_pG1Gx_7O8) — *Best for: Operator*
* [AI Analyst for Wazuh Alerts: Revolutionize Your SOC with SOCFortress Copilot!](https://www.youtube.com/watch?v=-2srPC-Dw-0) — *Best for: Both*
* [AI Agent for Open Source SIEM: Wazuh, Velociraptor + CoPilot!](https://www.youtube.com/watch?v=FHjD9QBaLD4) — *Best for: Both*
* [AI Chatbot Now With Threat Intel, Cyber News, Knowledge Base & Attack Surface!](https://www.youtube.com/watch?v=QaLrmSgEcLI) — *Best for: Both*
* [Automate Your SOC: Triggering Alerts with Wazuh Rules via Copilot](https://www.youtube.com/watch?v=tguRiVgytso) — *Best for: Both*
* [Wazuh Rule Writing With CoPilot AI Module - Handle Your Alert Flooding](https://www.youtube.com/watch?v=AH1g3p8s2_o) — *Best for: Both*
* [Mastering Wazuh's Active Response: Block Malicious IPs with CoPilot & Wazuh!](https://www.youtube.com/watch?v=llm3uSSUhqs) — *Best for: Both*
* [Revolutionize Your SIEM Alerts: Integrate CoPilot & Shuffle](https://www.youtube.com/watch?v=Ko5jLfkSCrk) — *Best for: Both*
* [Tame the Noise: Sigma Exclusions in CoPilot for Velociraptor Alerts](https://www.youtube.com/watch?v=GWTNA-6Z_Tk) — *Best for: Both*
* [🚀 Master Sysmon Config Management with CoPilot & Wazuh!](https://www.youtube.com/watch?v=XT1d49HTqQw) — *Best for: Both*
* [Supercharge Wazuh Active Response with CoPilot: No More Limits!](https://www.youtube.com/watch?v=Ogr70DWAeTc) — *Best for: Both*
* [Test Your Wazuh Detection Rules: One-Click Atomic Red Team + Velociraptor + CoPilot](https://www.youtube.com/watch?v=TMJOBATTK9M) — *Best for: Both*
* [Simulate Linux Attacks and Tune Detection Rules with Atomic Red Team](https://www.youtube.com/watch?v=tL3oNEx_3M8) — *Best for: Both*
* [Wazuh Indexer and CoPilot Integration](https://www.youtube.com/watch?v=MKqByrkDqZU) — *Best for: Admin-Engineer*
* [Graylog and CoPilot Integration](https://www.youtube.com/watch?v=MyvPmQ4Cfb0) — *Best for: Admin-Engineer*
* [Wazuh Manager and CoPilot Integration](https://www.youtube.com/watch?v=iI6yKgKC5wk) — *Best for: Admin-Engineer*
* [Velociraptor and Copilot Integration](https://www.youtube.com/watch?v=-Cqyczg6ELE) — *Best for: Admin-Engineer*
* [CoPilot And InfluxDB - Monitor Your SIEM Stack Servers with InfluxDB and CoPilot!](https://www.youtube.com/watch?v=vt6M1SzNfjE) — *Best for: Admin-Engineer*
* [DFIR-IRIS and CoPilot - Bring your SOC Alerts into CoPilot](https://www.youtube.com/watch?v=n9koQ1UL-L0) — *Best for: Admin-Engineer*
* [Grafana and CoPilot Integration](https://www.youtube.com/watch?v=FOOU1PQnd7g) — *Best for: Admin-Engineer*
* [Seamless Office365 Integration with Wazuh: Simplified by Copilot](https://www.youtube.com/watch?v=ihj2F2rA6BQ) — *Best for: Admin-Engineer*
* [Unlock Full SIEM Potential: Effortlessly Ingest Crowdstrike Events Into Your Open Source SIEM!](https://www.youtube.com/watch?v=YOVUOpZDEzM) — *Best for: Admin-Engineer*
* [CoPilot Event Shipper Configuration - Ingest 3rd Party Logs into your SIEM Stack](https://www.youtube.com/watch?v=tgWRvOJX5HA) — *Best for: Admin-Engineer*
* [Unlock Full SIEM Potential: Effortlessly Ingest DUO MFA Events Into Your Open Source SIEM!](https://www.youtube.com/watch?v=chTthkpMpTY) — *Best for: Admin-Engineer*
* [New MITRE ATT\&CK Integration in CoPilot – Game Changer for SOC Analysts!](https://www.youtube.com/watch?v=wK4aA7QrXmE) — *Best for: Admin-Engineer*
* [Supercharge Your Log Ingestion: Webhooks to SIEM Made Easy](https://www.youtube.com/watch?v=O5SaFwAMMtA) — *Best for: Admin-Engineer*
* [Auto-Enrich Wazuh Events with Threat Intel Feeds!](https://www.youtube.com/watch?v=FJunzP2c_mQ) — *Best for: Both*
* [Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data](https://www.youtube.com/watch?v=CVVj9HRtjOE) — *Best for: Both*
* [Simplify Cloud Security: ScoutSuite and Copilot Tutorial](https://www.youtube.com/watch?v=G3MDJSMvnRo) — *Best for: Both*
* [Integrate EPSS with Wazuh for Top-Notch Vulnerability Management!](https://www.youtube.com/watch?v=Qnm9SXVJGWw) — *Best for: Both*
* [Enhancing Web App Security: Integrating Copilot with Nuclei for Vulnerability Scanning](https://www.youtube.com/watch?v=-SVHKuQUxlI) — *Best for: Both*
* [Boost CoPilot: IoCs from Wazuh + VirusTotal Enrichment](https://www.youtube.com/watch?v=fNybop2FTRE) — *Best for: Both*
* [CoPilot + VirusTotal: Instantly Scan Files for Malware!](https://www.youtube.com/watch?v=ixxVe_9LAfQ) — *Best for: Both*
* [CoPilot Supercharges Wazuh with SCA & Vulnerability Overviews](https://www.youtube.com/watch?v=NUrnlTvLzVk) — *Best for: Both*
* [Wazuh Dashboards in Grafana & Customer Provisioning in CoPilot!](https://www.youtube.com/watch?v=hC0JHY5WF-U) — *Best for: Admin-Engineer*
* [Create Custom PDF Reports in Grafana Detailing Security Events | Share with Your Clients!](https://www.youtube.com/watch?v=9xHr5-Wlypw) — *Best for: Admin-Engineer*
* [A Customer Portal for Your Open-Source SIEM Stack](https://www.youtube.com/watch?v=_bvFejcFwFM) — *Best for: Admin-Engineer*
