Red team on steroids — at SIEM-breaking scale.

Fire massive, realistic attack traffic at Wazuh over TCP syslog — sustaining tens of thousands of events per second from one multi-core engine.

Tens of thousands of EPS · MTTD p50 / p95 / p99 · Wazuh-native syslog
Firehose · attack-traffic generation
Firehose dashboard
High-volume load

A multi-core engine that sustains real, high-throughput traffic.

Realistic attack patterns

MITRE-tagged scenarios, attack chains, and a behavior simulator — not toy data.

Detection validation

Prove your Wazuh pipeline catches attacks and measure how fast.

Reusable SIEM profiles

Describe a Wazuh target once and fire test after test.

How it works

Up and running in three steps.

1. Define a test

Pick attack scenarios, MITRE techniques, and a saved Wazuh profile to fire at.

2. Fire across all your cores

A multi-process worker engine fans load across CPU cores for sustained throughput.

3. Measure detection under load

Track events sent, alerts caught, and MTTD percentiles under real pressure.

Capabilities

Everything in Firehose.

Multi-core load engine

Per-core worker processes push sustained, high-volume traffic from one host.

Realistic attack scenarios

Weighted scenario mixes, multi-stage attack chains, and a Markov-style behavior simulator.

Reusable Wazuh profiles

Saved Wazuh targets — syslog host, alerts source, and tuning — ready to fire.

Detection validation

Confirm your Wazuh pipeline catches attacks and surfaces the right rules under pressure.

Live system metrics

Per-core CPU, throughput, backpressure, and failure tracking in real time.

MTTD percentile reporting

Mean time to detect at p50, p95, and p99 — not just the average.

Stress-test your detections at scale.

See how Firehose pushes your Wazuh pipeline to its limits.