Minecraft X‑Ray Detection Dashboard with Wazuh

PaperMC + Sentinel plugin + Wazuh SIEM visualizations

Summary

End-to-end integration of Minecraft anti-cheat telemetry with Wazuh SIEM for real-time X-ray detection monitoring and dashboard visualization.

  • Deployed PaperMC server with Sentinel anti-cheat plugin for behavioral monitoring
  • Configured Wazuh Agent to collect and forward JSON logs to existing SIEM infrastructure
  • Created dedicated Minecraft group and normalized log fields for proper aggregation
  • Designed custom visualizations and dashboard for multiplayer server oversight
Wazuh Minecraft Anti-Cheat JSON Logs Dashboard
Step 1

Start PaperMC server from JAR

Start PaperMC server from JAR

Boot a PaperMC instance locally using the server JAR to host a test world for telemetry.

Step 2

Build the Sentinel plugin

View the Sentinel project Build the Sentinel plugin

Compile the full Sentinel plugin and prepare the output JAR for deployment on the server.

Step 3

Load plugin on startup

Load plugin on startup

Place the plugin JAR at plugins/sentinelsnapshot.jar; verify it loads cleanly on server start.

Step 4

Reuse prior Wazuh server; create Minecraft group

Create Minecraft group in Wazuh

Leverage the existing Wazuh SIEM from a prior lab. Create a dedicated group (e.g., sentinel-mc-server) to isolate Minecraft telemetry.

Step 5

Install Wazuh Agent on the MC host

Install Wazuh Agent on the Minecraft host

Deploy the agent on the same machine as the server to ship JSON logs produced by Sentinel.

Step 6

Point agent to correct log file and SIEM IP

Configure agent file paths and SIEM IP

Update the agent configuration to monitor the Sentinel JSON log and forward events to the Wazuh server’s IP.

Step 7

Register agent with Wazuh

Register Wazuh agent

Enroll the host in Wazuh and assign it to the sentinel-mc-server group for policy and views.

Step 8

Harden agent config; enable JSON log analysis

Adjust agent configuration for JSON log analysis

Disable unnecessary modules and tune log collection to focus on Sentinel’s JSON output for efficient parsing.

Step 9

Join server and generate X‑ray behavior

Join server and generate X-ray behavior

Enter the world and intentionally simulate suspicious mining to validate detections.

Step 10

Confirm alerts in Wazuh

Confirm alerts in Wazuh

Observe alerts flowing into Wazuh—initially unstructured for gameplay analytics use‑cases.

Step 11

Normalize fields for dashboarding

Normalize fields for dashboarding

Adjust mappings (e.g., cast suspicion score to an integer) to make metrics aggregable and sortable.

Step 12

Create multiplayer‑friendly visualizations

Create multiplayer visualizations

Design views by player, time window, and severity to track behavior across a live server.

Step 13

Trend X‑ray detections over time

Trend X-ray detections over time

Add a time series panel to chart total detections by interval for easy spotting of spikes.

Step 14

Assemble a focused dashboard

Assemble a focused dashboard

Combine the visualizations into a single, simple dashboard purpose‑built for gameplay oversight.

Back to Labs