SOC: Security Operations Center

Description

This assignment was a solo project in which you had to build your own security operations center, combining a variety of tools into one overall working solution. Tools such as a firewall, SIEM, SOAR and incident management tooling are combined to create a complete flow: from detecting the initial compromise to automatically creating a logged incident, enriched with automatically gathered threat intelligence data. As this course is part of our education in cloud and cybersecurity, I combined both aspects and delivered the end solution in the cloud (Google Cloud Platform). Some of my learning points included:

  • Build a custom, open-source SOC in the cloud (GCP)

  • Learn how to integrate a variety of tools into one solution (security engineering)

  • Launch red team operations from a specialized tool called Caldera to automate SOC testing / training

  • Integrate your SOC with existing virtual machines (Windows and Linux)
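
The flow described above (detection on raw logs, automatic threat-intelligence enrichment, and creation of a logged incident) can be illustrated with a small stand-alone pipeline. This is an added example, not code from the project, and it does not use the project's actual firewall, SIEM or SOAR products: the sshd-style log lines are constructed, the threat-intel feed is an in-memory dictionary standing in for a real reputation lookup, and the SSH brute-force rule and the 5-failure threshold are assumptions chosen for the demonstration.

```python
"""Minimal SOC pipeline: log line -> detection -> threat-intel enrichment -> incident.

Added example; the logs, the threat-intel "feed" and the detection rule are all
constructed stand-ins for the real SIEM / SOAR / TI components of a SOC.
"""
from collections import Counter
from dataclasses import dataclass, field
import re

# Constructed sshd-style auth log lines (documentation IP ranges, not real hosts).
SAMPLE_LOGS = [
    "Mar  1 10:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "Mar  1 10:00:03 web01 sshd[2203]: Failed password for root from 203.0.113.9 port 51024 ssh2",
    "Mar  1 10:00:05 web01 sshd[2205]: Failed password for admin from 203.0.113.9 port 51026 ssh2",
    "Mar  1 10:00:07 web01 sshd[2207]: Failed password for admin from 203.0.113.9 port 51028 ssh2",
    "Mar  1 10:00:09 web01 sshd[2209]: Failed password for root from 203.0.113.9 port 51030 ssh2",
    "Mar  1 10:00:11 web01 sshd[2211]: Accepted password for root from 203.0.113.9 port 51032 ssh2",
    "Mar  1 10:01:00 web01 sshd[2213]: Failed password for bob from 198.51.100.7 port 40001 ssh2",
]

# Constructed stand-in for a threat-intel feed; a real SOAR playbook would query
# an external reputation source here instead of a local dictionary (assumption).
THREAT_INTEL = {
    "203.0.113.9": {"malicious": True, "tags": ["ssh-bruteforce", "scanner"]},
}

# Parses the fields we need from an sshd "Failed/Accepted password" line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)"
)


@dataclass
class Incident:
    """The record the incident-management tool would receive."""
    title: str
    severity: str
    source_ip: str
    host: str
    evidence: list = field(default_factory=list)   # raw log lines backing the incident
    intel: dict = field(default_factory=dict)      # enrichment result


def parse(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect(events, threshold=5):
    """Flag any IP with >= threshold failed logins; note whether a success followed."""
    failures = Counter(e["ip"] for e in events if e["result"] == "Failed")
    findings = []
    for ip, n in failures.items():
        if n < threshold:
            continue
        success = any(e["ip"] == ip and e["result"] == "Accepted" for e in events)
        findings.append({"ip": ip, "failed": n, "success_after": success})
    return findings


def enrich(ip, feed=THREAT_INTEL):
    """Threat-intel lookup; unknown IPs come back as not (yet) known malicious."""
    return feed.get(ip, {"malicious": False, "tags": []})


def build_incidents(lines, threshold=5):
    """Run the whole flow: parse -> detect -> enrich -> incident records."""
    events = [e for e in (parse(line) for line in lines) if e]
    incidents = []
    for f in detect(events, threshold):
        intel = enrich(f["ip"])
        # A successful login after the brute force means the attacker is in: critical.
        if f["success_after"]:
            severity = "critical"
        elif intel["malicious"]:
            severity = "high"
        else:
            severity = "medium"
        host = next(e["host"] for e in events if e["ip"] == f["ip"])
        title = f"SSH brute force from {f['ip']}"
        if f["success_after"]:
            title += " with successful login"
        incidents.append(Incident(
            title=title, severity=severity, source_ip=f["ip"], host=host,
            evidence=[line for line in lines if f["ip"] in line], intel=intel))
    return incidents


if __name__ == "__main__":
    for inc in build_incidents(SAMPLE_LOGS):
        print(inc.severity.upper(), inc.title, inc.intel["tags"], len(inc.evidence), "log lines")
```

In a real deployment each function maps to a different component: the SIEM holds the parsed events and runs the detection rule, the SOAR playbook performs the enrichment, and the incident record is what gets pushed into the incident management tool. The second source IP (one failure) deliberately stays below the threshold so the pipeline shows the rule filtering noise rather than escalating every failed login.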