
Abstract

<jats:p>Data exfiltration is one of the most serious threats to information system security: data are covertly transmitted from internal systems to unauthorized external parties. This study implements a Security Information and Event Management (SIEM) system using Wazuh, integrated with a Telegram bot, to detect data exfiltration activity in real time. The methodology consists of designing a simulated network topology, running attack tests with several data exfiltration methods, analyzing the resulting logs, and evaluating the notifications delivered through the Telegram bot. The experiments were conducted under two scenarios: a hardened server and a server with active vulnerabilities. The system is intended to provide early warning and to raise awareness of potential data leakage, and the research contributes to the development of a security monitoring system that is adaptive and responsive to data exfiltration threats. In the DNS and TCP exfiltration tests against a hardened Ubuntu agent, the time to detect was 11.6–15 seconds, and the notifications were delivered to the Telegram application.</jats:p>
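The abstract describes the pipeline only in outline (DNS/TCP exfiltration on an agent, a Wazuh alert, a Telegram notification, a measured time to detect). The following added example, which is not the paper's code and not part of Wazuh, shows one way each stage can be realised offline: a DNS exfiltration heuristic run over constructed dnsmasq-style query-log lines, a Telegram message built from a constructed Wazuh-style alert record, a time-to-detect computation from event and alert timestamps, and the entry point a Wazuh custom integration script would expose. The log format, thresholds, rule id, timestamps, the `leak.example` domain and the argument layout assumed for the integration script are all assumptions made for the example; the Telegram Bot API `sendMessage` endpoint and its 4096-character text limit are real.

```python
"""Added example (not the paper's code): DNS-exfiltration heuristic,
Wazuh-alert-to-Telegram formatting and time-to-detect calculation.

Assumed, not taken from the page: the dnsmasq-style log format, the
thresholds, the sample alert record and the integration argv layout.
"""
import json
import math
import re
import sys
import urllib.request
from collections import Counter, defaultdict
from datetime import datetime

# Constructed query-log lines. The *.leak.example names mimic base32-chunked
# exfiltration; the long all-'a' label is there to show that length alone
# does not trigger the heuristic (its entropy is 0).
SAMPLE_DNS_LOG = """\
Jan 10 10:00:01 dnsmasq[812]: query[A] www.ubuntu.com from 10.0.0.5
Jan 10 10:00:02 dnsmasq[812]: query[A] mfrggzdfmztwq2lknnwg23tpobyxe43u.leak.example from 10.0.0.5
Jan 10 10:00:03 dnsmasq[812]: query[TXT] onswy3dpfqqhe2lsnfwwc2lomnswy2lx.leak.example from 10.0.0.5
Jan 10 10:00:04 dnsmasq[812]: query[A] mail.google.com from 10.0.0.7
Jan 10 10:00:04 dnsmasq[812]: query[A] aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cdn.example from 10.0.0.7
Jan 10 10:00:05 dnsmasq[812]: query[A] nzsxeylbojsw4ylvojzxgylmnfxw4zlm.leak.example from 10.0.0.5
"""

# Constructed record in the shape Wazuh writes to alerts.json (rule id is made up).
SAMPLE_ALERT = {
    "timestamp": "2025-01-10T10:00:17.000+0000",
    "rule": {"level": 10, "id": "100200",
             "description": "Possible DNS exfiltration: many high-entropy subdomains"},
    "agent": {"id": "001", "name": "ubuntu-agent"},
    "full_log": "query[A] nzsxeylbojsw4ylvojzxgylmnfxw4zlm.leak.example from 10.0.0.5",
}

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")
WAZUH_TS = "%Y-%m-%dT%H:%M:%S.%f%z"


def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for a single repeated character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def detect_dns_exfil(log_text, min_label_len=20, min_entropy=3.0, min_unique=3):
    """Return {(client, base_domain): count} for every client that sent at
    least `min_unique` distinct long, high-entropy leftmost labels to one
    base domain. Counting distinct labels per base domain is what separates
    chunked exfiltration from a single odd-looking CDN hostname."""
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        labels = m["name"].lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue
        first, base = labels[0], ".".join(labels[-2:])
        if len(first) >= min_label_len and shannon_entropy(first) >= min_entropy:
            suspects[(m["client"], base)].add(first)
    return {k: len(v) for k, v in suspects.items() if len(v) >= min_unique}


def time_to_detect(event_ts: str, alert_ts: str) -> float:
    """Seconds between the event timestamp and the alert timestamp."""
    t0 = datetime.strptime(event_ts, WAZUH_TS)
    t1 = datetime.strptime(alert_ts, WAZUH_TS)
    return (t1 - t0).total_seconds()


def alert_to_text(alert: dict) -> str:
    """Plain-text Telegram message for a Wazuh alert record."""
    rule, agent = alert.get("rule", {}), alert.get("agent", {})
    return "\n".join([
        f"Wazuh alert level {rule.get('level')} (rule {rule.get('id')})",
        rule.get("description", ""),
        f"agent: {agent.get('name')}  time: {alert.get('timestamp')}",
        f"log: {alert.get('full_log', '')[:500]}",
    ])


def telegram_url(bot_token: str) -> str:
    return f"https://api.telegram.org/bot{bot_token}/sendMessage"


def send_telegram(sendmessage_url: str, chat_id: str, text: str, dry_run=True):
    """Build the sendMessage payload; POST it only when dry_run is False."""
    payload = {"chat_id": chat_id, "text": text[:4096]}  # Bot API text limit
    if dry_run:
        return payload
    req = urllib.request.Request(sendmessage_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def main(argv):
    """Assumed integration layout: Wazuh's integrator runs the script as
    <script> <alert file> <api_key> <hook_url>; here <api_key> carries the
    chat id and <hook_url> the URL from telegram_url(). With no arguments the
    script runs the offline demo on the constructed data."""
    if len(argv) < 4:
        print(detect_dns_exfil(SAMPLE_DNS_LOG))
        print(alert_to_text(SAMPLE_ALERT))
        print("time to detect (s):",
              time_to_detect("2025-01-10T10:00:05.000+0000", SAMPLE_ALERT["timestamp"]))
        return 0
    alert_file, chat_id, hook_url = argv[1:4]
    with open(alert_file) as f:
        alert = json.load(f)
    send_telegram(hook_url, chat_id, alert_to_text(alert), dry_run=False)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The heuristic keys on distinct labels per client and base domain rather than on any single query, so a repeated query of the same odd hostname is not enough to raise an alert, while three different base32-looking chunks to one domain are. The time-to-detect figure is computed here from a constructed event timestamp and is not a reproduction of the paper's 11.6–15 s measurement.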


Keywords

data exfiltration; system security
