🦑𝐁𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐒𝐎𝐂 𝐇𝐨𝐦𝐞 𝐋𝐚𝐛 :
A Security Operations Center (SOC) is vital for any organization. In this project, I designed and deployed a fully functional SOC home lab using open-source tools: Wazuh, ELK Stack, TheHive, and Cortex.

𝐎𝐛𝐣𝐞𝐜𝐭𝐢𝐯𝐞𝐬 :
Ensure proactive monitoring and efficient incident management.
Simulate attack scenarios to test detection and response capabilities.

𝐓𝐡𝐞 𝐖𝐨𝐫𝐤𝐟𝐥𝐨𝐰 :
Wazuh Agents: Collect security data from various systems (Linux and Windows) and send it to the Wazuh Manager.

Wazuh (SIEM): Transfers data via Filebeat to Elasticsearch for storage and analysis.

Kibana: Visualizes data through dashboards with the Wazuh plugin for real-time monitoring.

TheHive (Incident Management Platform): Manages incidents using data from the Wazuh Manager.

Cortex (Automated Analysis Engine): Automates analyses and integrates with VirusTotal for suspicious file evaluation.

SOC Analyst: Utilizes these tools collectively to monitor systems, analyze incidents, and respond effectively to security threats.

𝐓𝐞𝐬𝐭𝐢𝐧𝐠 𝐚𝐧𝐝 𝐑𝐞𝐬𝐮𝐥𝐭𝐬 :
To validate the lab's performance, I executed multiple attack scenarios to ensure the tools could detect, analyze, and respond effectively. Example scenarios include:
+ Malware detection: Identifying malicious files and responding appropriately.
+ SQL injection attack detection: Detecting and mitigating database attack attempts.

Thank you Mohamed Benkhirat for you nice content.


@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Cactus #Ransomware Targets awimccom

https://undercodenews.com/cactus-ransomware-targets-awimccom/

@Undercode_News

🔒 Lockbit3 #Ransomware Targets Marmon-Herrington

https://undercodenews.com/lockbit3-ransomware-targets-marmon-herrington/

@Undercode_News

🟠 Solana SPL Token Swap, Unsound Usages of Type Casting (Moderate)

https://dailycve.com/solana-spl-token-swap-unsound-usages-of-type-casting-moderate/

@DailyCVE

🟠 KVM, Undefined Behavior, #CVE-2024-XXX (Moderate)

https://dailycve.com/kvm-undefined-behavior-cve-2024-xxx-moderate/

@Daily_CVE

A Wave of Strikes: #Amazon, Starbucks, and the Fight for Union Recognition

https://undercodenews.com/a-wave-of-strikes-amazon-starbucks-and-the-fight-for-union-recognition/

@Undercode_News

Ultramarine #Linux 40: A Refined and Elegant #Fedora Spin

https://undercodenews.com/ultramarine-linux-40-a-refined-and-elegant-fedora-spin/

@Undercode_News

Full Speed Ahead: Self-Driving Cars Poised for Explosive Growth Under Trump

https://undercodenews.com/full-speed-ahead-self-driving-cars-poised-for-explosive-growth-under-trump/

@Undercode_News

#Ransomware Group Ransomhub Targets Semfincom

https://undercodenews.com/ransomware-group-ransomhub-targets-semfincom/

@Undercode_News

📧 Spread Holiday Cheer with a Personalized Video Message from Santa

https://undercodenews.com/spread-holiday-cheer-with-a-personalized-video-message-from-santa/

@Undercode_News

Ray-Ban Meta Smart Glasses: A Glimpse into the Future of AR

https://undercodenews.com/ray-ban-meta-smart-glasses-a-glimpse-into-the-future-of-ar/

@Undercode_News

🔵 Sure, here is the article rewritten without code and summarized:

https://dailycve.com/sure-here-is-the-article-rewritten-without-code-and-summarized/

@Daily_CVE

📱 #Copilot Gets a Native App on #Windows 11: A Closer Look

https://undercodenews.com/copilot-gets-a-native-app-on-windows-11-a-closer-look/

@Undercode_News

🔴 Apache Hive, Spark: CookieSigner Exposes Correct Signature on Verification Failure (High)

https://dailycve.com/apache-hive-spark-cookiesigner-exposes-correct-signature-on-verification-failure-high/

@Daily_CVE

🖥️ The Rise of Non-Human Identities: Managing the Explosion of Machine Identities in the Enterprise

https://undercodenews.com/the-rise-of-non-human-identities-managing-the-explosion-of-machine-identities-in-the-enterprise/

@Undercode_News

📊 The Sunset of Truth: State Department's Disinformation Center Shuttered

https://undercodenews.com/the-sunset-of-truth-state-departments-disinformation-center-shuttered/

@Undercode_News