wazuh_local_rules

Wazuh rules to add sysmon support

Primary language: Python

As a graduation project, we built an EDR system from Sysmon and Wazuh. Generating the Sysmon events and shipping them to the Wazuh server was the easy part; the hard part was turning those events into alerts and mapping them to the MITRE ATT&CK framework, because Wazuh only raises an alert when an event matches a rule, so Sysmon detections need custom rules.

We parsed the rules and edited them to add MITRE ATT&CK technique IDs, so that each alert a rule produces carries its ATT&CK mapping.
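The kind of pass the previous sentence describes, as an added example rather than the repository's own script: it reads a Wazuh rules file, adds `<mitre><id>…</id></mitre>` blocks from a rule-id-to-technique mapping without duplicating IDs a rule already has, and writes the rules back out. The sample rules and the mapping are constructed for the example; the parent rule IDs 61603 and 61605 are assumed to be Wazuh's built-in Sysmon Event 1 (process creation) and Event 3 (network connection) rules, so check them against your ruleset version before copying them.

```python
"""Add MITRE ATT&CK technique IDs to Wazuh local rules.

Added example, not the repository's own script. Assumptions: rule IDs in the
local 100000+ range, and Wazuh built-in Sysmon parents 61603 (Event 1) and
61605 (Event 3). Requires Python 3.9+ (xml.etree.ElementTree.indent).
"""
import re
import xml.etree.ElementTree as ET

# Technique IDs look like T1059 or T1059.001.
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample local_rules.xml. Wazuh allows several top-level <group>
# elements and comments, so the file is not one well-formed XML document.
SAMPLE_RULES = r"""<!-- Sysmon Event 1: process creation -->
<group name="sysmon,sysmon_event1,">
  <rule id="100100" level="8">
    <if_sid>61603</if_sid>
    <field name="win.eventdata.image" type="pcre2">\\powershell\.exe$</field>
    <field name="win.eventdata.commandLine" type="pcre2">(?i)-enc(odedcommand)?\s</field>
    <description>Sysmon - PowerShell started with an encoded command</description>
  </rule>
  <rule id="100101" level="10">
    <if_sid>61603</if_sid>
    <field name="win.eventdata.parentImage" type="pcre2">\\WINWORD\.EXE$</field>
    <field name="win.eventdata.image" type="pcre2">\\cmd\.exe$</field>
    <description>Sysmon - Office application spawned cmd.exe</description>
    <mitre><id>T1204.002</id></mitre>
  </rule>
</group>
<group name="sysmon,sysmon_event3,">
  <rule id="100200" level="5">
    <if_sid>61605</if_sid>
    <field name="win.eventdata.destinationPort" type="pcre2">^4444$</field>
    <description>Sysmon - Outbound connection to TCP port 4444</description>
  </rule>
</group>
"""

# Constructed mapping: rule id -> ATT&CK technique IDs (our own choices).
MAPPING = {
    "100100": ["T1059.001", "T1027"],
    "100101": ["T1204.002", "T1566.001"],  # T1204.002 is already on the rule
}


def parse_rules(xml_text):
    """Wrap a Wazuh rules file in a synthetic root so ElementTree accepts it.

    insert_comments=True keeps the file's comments so they survive a rewrite.
    """
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring("<root>" + xml_text + "</root>", parser=parser)


def check_mapping(xml_text, mapping):
    """Return problems: rule ids absent from the file, malformed technique ids."""
    known = {r.get("id") for r in parse_rules(xml_text).iter("rule")}
    problems = []
    for rid, techniques in sorted(mapping.items()):
        if rid not in known:
            problems.append(f"rule {rid} not in file")
        for t in techniques:
            if not TECHNIQUE_RE.match(t):
                problems.append(f"rule {rid}: bad technique id {t!r}")
    return problems


def add_mitre_mapping(xml_text, mapping):
    """Return the rules text with <mitre><id>..</id></mitre> added per mapping.

    IDs already present on a rule are kept and not duplicated. A typo in the
    mapping raises instead of silently leaving a rule unmapped.
    """
    problems = check_mapping(xml_text, mapping)
    if problems:
        raise ValueError("; ".join(problems))
    root = parse_rules(xml_text)
    for rule in root.iter("rule"):
        rid = rule.get("id")
        if rid not in mapping:
            continue
        mitre = rule.find("mitre")
        if mitre is None:
            mitre = ET.SubElement(rule, "mitre")
        present = {i.text.strip() for i in mitre.findall("id") if i.text}
        for t in mapping[rid]:
            if t not in present:
                ET.SubElement(mitre, "id").text = t
                present.add(t)
    # Emit only the children, so the output is again a plain Wazuh rules file.
    parts = []
    for child in root:
        ET.indent(child, space="  ")
        parts.append(ET.tostring(child, encoding="unicode"))
    return "".join(parts)


def mitre_ids(xml_text):
    """Map each rule id to the technique ids it carries (for verification)."""
    out = {}
    for rule in parse_rules(xml_text).iter("rule"):
        out[rule.get("id")] = [i.text.strip() for i in rule.findall("mitre/id")]
    return out


if __name__ == "__main__":
    print(add_mitre_mapping(SAMPLE_RULES, MAPPING))
```

Because a Wazuh rules file can hold several top-level `<group>` elements, the script parses it under a synthetic root and writes only the children back, which is what makes the round trip safe. After placing the output in `/var/ossec/etc/rules/local_rules.xml`, feed a Sysmon event through `/var/ossec/bin/wazuh-logtest` to confirm the rule fires and that the alert carries the technique under `rule.mitre.id`.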