Inspiration

The SOC Automation Project was inspired by my passion for cybersecurity and my desire to understand real-world security operations. I wanted to bridge the gap between theoretical knowledge and practical implementation by creating a comprehensive lab environment that mirrors professional SOC setups.

What it does

The project establishes a simulated Security Operations Center (SOC) environment using VMware, Windows 10 Pro, and a suite of open-source tools like Wazuh and TheHive. It automates threat detection, incident response workflows, and integrates with external services like VirusTotal for enhanced threat intelligence.

How I built it

I began by setting up VMware on my local machine and installing Windows 10 Pro to simulate endpoint environments. Utilizing DigitalOcean's cloud platform, I deployed Ubuntu servers to host Wazuh and TheHive, configuring each tool meticulously to ensure seamless integration and functionality.

Challenges I ran into

One of the main challenges was configuring Sysmon effectively on Windows 10 Pro within VMware to capture detailed system activity without impacting performance. Integrating Cassandra and Elasticsearch posed another challenge, requiring in-depth knowledge of NoSQL databases and real-time data indexing.

Accomplishments that I'm proud of

I'm proud to have successfully automated incident response workflows using Shuffle, integrating Wazuh alerts with VirusTotal API for automated threat analysis. Creating custom detection rules in Wazuh to detect Mimikatz and its variants was particularly rewarding, as it enhanced our ability to respond to sophisticated attacks.
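The detection-plus-enrichment path described above, as an added example that is not the project's own code or workflow export: a Python re-implementation of the predicate a custom Wazuh rule applies to Sysmon Event ID 1 (process creation) alerts, followed by the hash extraction and VirusTotal v3 file-report triage that a Shuffle workflow would run on the match. The alert field names assume Wazuh's decoding of Sysmon events (`win.eventdata.*`, rule group `sysmon_event1`); the sample alerts, hashes and the offline VirusTotal stand-in are constructed so it runs without network access.

```python
"""Mimikatz detection and VirusTotal enrichment for a Wazuh -> Shuffle -> VirusTotal pipeline.

Added example, not code from the project on this page. Field names follow Wazuh's
decoding of Sysmon events (win.eventdata.*); the alerts and hashes are constructed.
"""
import json
import re
import urllib.request
from typing import Callable, Optional

# Same predicate as a Wazuh rule with
# <field name="win.eventdata.originalFileName" type="pcre2">(?i)mimikatz\.exe</field>.
# OriginalFileName comes from the PE version resource, not the on-disk name, so a
# copy renamed to "notepad.exe" still matches; this is what catches "variants".
MIMIKATZ_RE = re.compile(r"(?i)mimikatz\.exe")

# Constructed Sysmon Event ID 1 alerts in the shape Wazuh's JSON decoder emits.
SAMPLE_ALERTS = [
    {"rule": {"groups": ["windows", "sysmon", "sysmon_event1"]},
     "data": {"win": {"eventdata": {
         "image": "C:\\Users\\lab\\Desktop\\mimikatz.exe",
         "originalFileName": "mimikatz.exe",
         "commandLine": "mimikatz.exe \"sekurlsa::logonpasswords\"",
         "hashes": "SHA1=" + "1" * 40 + ",MD5=" + "2" * 32 + ",SHA256=" + "a" * 64 + ",IMPHASH=" + "3" * 32,
     }}}},
    {"rule": {"groups": ["windows", "sysmon", "sysmon_event1"]},
     "data": {"win": {"eventdata": {
         "image": "C:\\Users\\lab\\Desktop\\notepad.exe",  # renamed copy of mimikatz
         "originalFileName": "mimikatz.exe",
         "commandLine": "notepad.exe privilege::debug",
         "hashes": "SHA256=" + "b" * 64,
     }}}},
    {"rule": {"groups": ["windows", "sysmon", "sysmon_event1"]},
     "data": {"win": {"eventdata": {
         "image": "C:\\Windows\\System32\\notepad.exe",  # benign process, must not match
         "originalFileName": "NOTEPAD.EXE",
         "commandLine": "notepad.exe",
         "hashes": "SHA256=" + "c" * 64,
     }}}},
]


def is_mimikatz(alert: dict) -> bool:
    """Rule predicate: Sysmon process-creation event whose OriginalFileName is mimikatz.exe."""
    if "sysmon_event1" not in alert.get("rule", {}).get("groups", []):
        return False
    name = alert["data"]["win"]["eventdata"].get("originalFileName", "")
    return bool(MIMIKATZ_RE.search(name))


def sha256_from_hashes(hashes: str) -> Optional[str]:
    """Pull the SHA256 out of Sysmon's 'SHA1=..,MD5=..,SHA256=..,IMPHASH=..' field."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256" and re.fullmatch(r"[0-9a-fA-F]{64}", value.strip()):
            return value.strip().lower()
    return None


def vt_verdict(report: dict) -> dict:
    """Reduce a VirusTotal v3 /files/{hash} report to the counts a Shuffle branch would test."""
    stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    malicious = int(stats.get("malicious", 0))
    suspicious = int(stats.get("suspicious", 0))
    return {"malicious": malicious, "suspicious": suspicious,
            "verdict": "malicious" if malicious > 0 else "clean"}


def lookup_virustotal(sha256: str, api_key: str) -> dict:
    """Live lookup against the VirusTotal v3 API (needs network and a key); not used by the offline run."""
    req = urllib.request.Request(f"https://www.virustotal.com/api/v3/files/{sha256}",
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def triage(alert: dict, lookup: Callable[[str], dict]) -> dict:
    """Alert -> rule match -> SHA256 -> VirusTotal -> verdict: the path the Shuffle workflow automates."""
    if not is_mimikatz(alert):
        return {"matched": False}
    eventdata = alert["data"]["win"]["eventdata"]
    sha256 = sha256_from_hashes(eventdata.get("hashes", ""))
    result = {"matched": True, "sha256": sha256, "image": eventdata.get("image")}
    if sha256 is None:  # Sysmon config may omit SHA256; still escalate, just without enrichment
        result["verdict"] = "no_hash"
        return result
    result.update(vt_verdict(lookup(sha256)))
    return result


def offline_lookup(sha256: str) -> dict:
    """Constructed stand-in for VirusTotal so the example runs offline."""
    known_bad = {"a" * 64: 60, "b" * 64: 58}
    return {"data": {"attributes": {"last_analysis_stats": {
        "malicious": known_bad.get(sha256, 0), "suspicious": 0, "harmless": 0, "undetected": 70}}}}


if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(json.dumps(triage(alert, offline_lookup)))
```

Running the module prints one JSON line per alert; the first two match (including the renamed copy) and are enriched with the VirusTotal counts, the third does not match. Swapping `offline_lookup` for `lambda h: lookup_virustotal(h, api_key)` turns it into a live check; the hash-only `/files/{hash}` query is preferable to uploading the sample, since an upload publishes the binary to VirusTotal.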

What I learned

This project provided invaluable hands-on experience in cybersecurity tools, network configurations, and automation. I learned to deploy and configure complex security systems, manage data storage solutions like Cassandra and Elasticsearch, and implement effective incident response strategies.

What's next for SOC Automation Project

Moving forward, I plan to expand the project by integrating machine learning models for anomaly detection, enhancing automation capabilities through advanced scripting, and conducting more extensive testing to refine detection and response times. I aim to continuously update and optimize the SOC environment to stay ahead of evolving cybersecurity threats.
