This repository documents my journey building a SOC Automation Homelab, inspired by MyDFIR's tutorial series. The project's goal is to set up a comprehensive Security Operations Center (SOC) with a Wazuh instance, SOAR integration, and TheHive for case management.
The SOC Automation Homelab is designed to provide practical experience in cybersecurity operations. It involves:
- Setting up a Wazuh instance for security monitoring.
- Integrating SOAR for streamlined incident response.
- Implementing TheHive for effective case management.
For an interactive view of the diagram, please see the SOC Automation Project Diagram.
- Part 1
  - Objective: Build a logical diagram for the SOC Automation Homelab.
  - Tools Used: draw.io
  - Key Learnings: Understanding of SOC components and their interactions.
  - Link to Part 1 Details
- Part 2
  - Objective: Install essential applications and virtual machines.
  - Tools Used: Windows 10, Sysmon, Wazuh, TheHive
  - Key Learnings: Setup and configuration of SOC tools.
  - Link to Part 2 Details
- Part 3
  - Objective: Configure the TheHive and Wazuh servers.
  - Key Learnings: Effective configuration for SOC operations.
  - Link to Part 3 Details
- Part 4
  - Objective: Generate and ingest telemetry from a Windows 10 machine into Wazuh.
  - Tools Used: Windows 10, Wazuh, Mimikatz
  - Key Learnings: Telemetry analysis and custom alert creation in Wazuh.
  - Link to Part 4 Details
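As an added illustration of the Part 4 workflow (this is example configuration written for this README, not a file from the original lab or from the MyDFIR series), the two pieces below show how Sysmon telemetry reaches Wazuh and how a custom alert is defined on the manager. The first fragment goes in the Windows agent's `ossec.conf` and forwards the Sysmon event channel; the second goes in the manager's `local_rules.xml` and raises a high-severity alert when a Sysmon process-creation event (event ID 1, matched via Wazuh's built-in `sysmon_event1` rule group) carries the Mimikatz original filename, which survives a plain rename of the binary. The rule ID `100002`, the chosen alert level and the `local,sysmon,credential_access` group names are assumptions for this example; Wazuh reserves IDs 100000 and above for custom rules.

```xml
<!-- Agent side: Windows agent ossec.conf (example fragment, not from the original lab).
     Sysmon must already be installed and logging process-creation events (ID 1). -->
<ossec_config>
  <localfile>
    <!-- Forward the Sysmon event channel to the Wazuh manager -->
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>eventchannel</log_format>
  </localfile>
</ossec_config>

<!-- Manager side: /var/ossec/etc/rules/local_rules.xml (example rule, not from the original lab).
     Rule IDs 100000+ are reserved for custom rules; 100002 is an assumed free ID. -->
<group name="local,sysmon,credential_access,">
  <rule id="100002" level="15">
    <!-- Fire only on Sysmon process-creation events already decoded by the built-in ruleset -->
    <if_group>sysmon_event1</if_group>
    <!-- Match on the PE OriginalFileName, so renaming mimikatz.exe does not evade the rule -->
    <field name="win.eventdata.originalFileName" type="pcre2">(?i)mimikatz\.exe</field>
    <description>Mimikatz detected on $(win.system.computer): $(win.eventdata.image)</description>
    <mitre>
      <id>T1003</id>
    </mitre>
  </rule>
</group>
```

After editing `local_rules.xml`, restart the manager (`systemctl restart wazuh-manager`) and confirm the rule loads with `/var/ossec/bin/wazuh-logtest` by pasting a captured Sysmon event ID 1 JSON line; the alert level of 15 is deliberately high so that a SOAR integration keyed on level thresholds forwards it to TheHive as a case.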
- Wazuh Instance: For security monitoring and alerting.
- SOAR Integration: To automate and accelerate incident response.
- TheHive: For efficient case management and tracking.
- draw.io for diagram creation.
- Digital Ocean as Cloud Provider.
- Wazuh for security monitoring.
- SOAR tools for incident response automation.
- TheHive for case management.
For inquiries or feedback regarding this project, please contact me at:
- Email: thuynh93@gmail.com
- LinkedIn: Your LinkedIn Profile