30

SOC Automation Lab

A complete SOC automation home lab with fully functional SIEM+SOAR using Wazuh, The Hive and Shuffler

GitHub

Overview

  • Installed Sysmon on windows VM hosted using Azure Virtual Machines
  • Wazuh and The Hive were configured on different vm's to handle logs and alerts respectively
  • VirusTotal was deployed to detect Mimikatz activity
  • Shuffler acted as SOAR which was configured to alert the SOC analyst via email of any malicious activity like mimikatz in this project