VIRUSTOTAL INTEGRATED WAZUH CONFIGURATION AUTOMATION USING ANSIBLE TO DETECT AND PROTECT AGAINST MALWARE ATTACKS
Abstract
The rapid advancement of digital technology has increased the risk of malware that can disrupt systems, steal data, and hinder operations. Wazuh is an open-source solution capable of detecting suspicious activity through log analysis, and its accuracy can be enhanced by integrating VirusTotal as a verification service for suspicious files. The main objective of this study is to develop an Ansible playbook that automates Wazuh installation and configuration, integration with VirusTotal, and real-time notification delivery to Telegram. The method used is the Network Development Life Cycle (NDLC) approach, consisting of three stages: analysis, design, and simulation prototyping. The analysis stage involves a literature review and a comparison of previous studies. The design stage covers network, system, and IP configuration planning. The simulation is conducted in a virtual environment using five virtual machines: a Wazuh server, an Ansible server, two agents (Windows and Linux), and an additional VM for configuration automation testing. The results show that the developed system effectively detects three main types of malware (trojan, ransomware, and worm), performs active response, and sends alerts automatically via Telegram. Installation and configuration become faster and more consistent thanks to the Ansible playbook. The system also proves reliable and efficient in handling malware attacks automatically. Active response time, for both detection and removal, varies by malware type and is affected by internet connection quality and API usage time limits. Additionally, the use of Ansible significantly reduces configuration time and minimizes the potential for human error during deployment in the virtual network environment.
The conclusion of this study is that the integration of Wazuh and VirusTotal with Ansible-based configuration automation improves efficiency, accuracy, and scalability in malware detection and protection. This automation not only accelerates the security process but also reduces manual configuration errors, offering a more robust security solution that can be further developed.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.