Red team on steroids, at SIEM-breaking scale.

Fire massive, realistic attack traffic at Wazuh over TCP syslog, sustaining tens of thousands of events per second from one multi-core engine.

Tens of thousands of EPSMTTD p50 / p95 / p99Wazuh-native syslog
Visit Firehose
Firehose · attack-traffic generation
Firehose dashboard
High-volume load
A multi-core engine that sustains real, high-throughput traffic.
Realistic attack patterns
MITRE-tagged scenarios, attack chains, and a behavior simulator, not toy data.
Detection validation
Prove your Wazuh pipeline catches attacks and measure how fast.
Reusable SIEM profiles
Describe a Wazuh target once and fire test after test.
How it works

Up and running in three steps.

1

Define a test

Pick attack scenarios, MITRE techniques, and a saved Wazuh profile to fire at.

2

Fire across all your cores

A multi-process worker engine fans load across CPU cores for sustained throughput.

3

Measure detection under load

Track events sent, alerts caught, and MTTD percentiles under real pressure.

Capabilities

Everything in Firehose.

Multi-core load engine

Per-core worker processes push sustained, high-volume traffic from one host.

Realistic attack scenarios

Weighted scenario mixes, multi-stage attack chains, and a Markov-style behavior simulator.

Reusable Wazuh profiles

Saved Wazuh targets, syslog host, alerts source, and tuning, ready to fire.

Detection validation

Confirm your Wazuh pipeline catches attacks and surfaces the right rules under pressure.

Live system metrics

Per-core CPU, throughput, backpressure, and failure tracking in real time.

MTTD percentile reporting

Mean time to detect at p50, p95, and p99, not just the average.

FAQ

Common questions.

Subscribe to our newsletter

Get the latest security tips, product updates, and news delivered to your inbox.