Personal Lab & Skills Development
Home SOC Setup
Built a full SOC lab as an end-to-end detection lifecycle: endpoint telemetry collection, log normalization, correlation, triage, and post-incident review. Instead of only deploying tools, we focused on repeatable detection engineering and documented what made alerts actionable.
System Architecture
The environment is structured as a multi-zone network featuring virtualized Windows and Linux endpoints. It utilizes Sysmon and Windows Event logs for host-based monitoring, with all telemetry forwarded to a central Wazuh manager. Network segmentation ensures isolation between attack nodes and the monitoring infrastructure.
Implementation Strategy
Configuring cross-platform log normalization, tuning Wazuh decoders and rules for high-fidelity alerts, and maintaining secure isolation for malicious-activity testing.
Technical Outcome
Established a repeatable detection engineering pipeline focusing on log correlation, rule precision, and incident analysis maturity.
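The pipeline described above (normalize host telemetry into one schema, then correlate across events before raising an alert) can be shown in a few dozen lines. The block below is an added example, not code from the lab itself or from Wazuh: it assumes a simplified, constructed Sysmon JSON shape and plain syslog lines rather than Wazuh's real decoder output, and the hosts, users, IPs and timestamps are all made up. It models two of the rules such a lab typically ends up with: an Office application spawning a script host that then opens an outbound connection (requiring both legs is what makes the alert actionable), and repeated SSH authentication failures from one source within a time window.

```python
"""Minimal normalize -> correlate pipeline over constructed sample telemetry (added example)."""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Event:
    ts: datetime
    host: str
    source: str      # "sysmon" or "syslog"
    action: str      # normalized verb: process_create, net_connect, auth_success, auth_failure
    user: str
    process: str     # lower-cased executable basename
    parent: str = ""
    detail: str = "" # command line, dest ip:port, or source ip, depending on action

def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def _parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def normalize_sysmon(raw: str) -> Optional[Event]:
    """Map a simplified Sysmon JSON event (assumed shape, not Wazuh's) onto the common schema."""
    d = json.loads(raw)
    data = d.get("data", {})
    common = dict(ts=_parse_ts(d["timestamp"]), host=d["host"].lower(), source="sysmon",
                  user=data.get("User", "").lower(), process=_basename(data.get("Image", "")))
    if d.get("event_id") == 1:   # process creation
        return Event(action="process_create", parent=_basename(data.get("ParentImage", "")),
                     detail=data.get("CommandLine", ""), **common)
    if d.get("event_id") == 3:   # network connection
        return Event(action="net_connect",
                     detail=f"{data.get('DestinationIp')}:{data.get('DestinationPort')}", **common)
    return None                  # other event IDs are collected but not modelled here

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def normalize_syslog(line: str) -> Optional[Event]:
    """Map an sshd syslog line onto the common schema; other programs are ignored."""
    m = SYSLOG_RE.match(line)
    ssh = SSH_RE.match(m["msg"]) if m else None
    if not (m and m["prog"] == "sshd" and ssh):
        return None
    action = "auth_success" if ssh["result"] == "Accepted" else "auth_failure"
    return Event(ts=_parse_ts(m["ts"]), host=m["host"].lower(), source="syslog",
                 action=action, user=ssh["user"].lower(), process="sshd", detail=ssh["ip"])

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def correlate(events: List[Event], window: timedelta = timedelta(seconds=60)) -> List[str]:
    """Office app spawns a script host AND that process connects out within `window` on the same host.
    A lone process_create is kept as context but does not alert on its own."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for i, e in enumerate(events):
        if e.action != "process_create" or e.parent not in OFFICE or e.process not in SCRIPT_HOSTS:
            continue
        for f in events[i + 1:]:
            if f.ts - e.ts > window:
                break
            if f.host == e.host and f.action == "net_connect" and f.process == e.process:
                alerts.append(f"{e.host}: {e.parent} -> {e.process} then outbound {f.detail} "
                              f"({(f.ts - e.ts).seconds}s later) user={e.user}")
                break
    return alerts

def detect_bruteforce(events: List[Event], threshold: int = 5,
                      window: timedelta = timedelta(minutes=2)) -> List[str]:
    """At least `threshold` auth_failure events from one source IP against one host inside `window`."""
    fails = sorted((e for e in events if e.action == "auth_failure"), key=lambda e: e.ts)
    alerts, reported = [], set()
    for i, e in enumerate(fails):
        key = (e.host, e.detail)
        if key in reported:
            continue
        run = [f for f in fails[i:] if (f.host, f.detail) == key and f.ts - e.ts <= window]
        if len(run) >= threshold:
            alerts.append(f"{e.host}: {len(run)} failed SSH logins from {e.detail} within {window.seconds}s")
            reported.add(key)
    return alerts

# Constructed sample telemetry: one suspicious chain on WIN01, one benign admin PowerShell on WIN02,
# an ignored file-create event, an SSH password-guessing burst and a normal key login on lnx01.
SAMPLE_SYSMON = [
    r'{"timestamp":"2024-05-01T10:00:00Z","host":"WIN01","event_id":1,"data":{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","User":"LAB\\alice","CommandLine":"powershell.exe -File C:\\Users\\alice\\AppData\\Local\\Temp\\doc.ps1"}}',
    r'{"timestamp":"2024-05-01T10:00:12Z","host":"WIN01","event_id":3,"data":{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","User":"LAB\\alice","DestinationIp":"203.0.113.10","DestinationPort":443}}',
    r'{"timestamp":"2024-05-01T10:00:13Z","host":"WIN01","event_id":11,"data":{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","TargetFilename":"C:\\Users\\alice\\AppData\\Local\\Temp\\out.txt"}}',
    r'{"timestamp":"2024-05-01T10:05:00Z","host":"WIN02","event_id":1,"data":{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Windows\\explorer.exe","User":"LAB\\bob","CommandLine":"powershell.exe -File C:\\Scripts\\inventory.ps1"}}',
    r'{"timestamp":"2024-05-01T10:05:03Z","host":"WIN02","event_id":3,"data":{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","User":"LAB\\bob","DestinationIp":"10.0.0.20","DestinationPort":5985}}',
]
SAMPLE_SYSLOG = [f"2024-05-01T10:01:{s:02d}Z lnx01 sshd[4211]: Failed password for invalid user admin "
                 f"from 198.51.100.7 port 40001 ssh2" for s in (0, 10, 20, 30, 40)] + [
    "2024-05-01T10:02:00Z lnx01 sshd[4250]: Accepted publickey for alice from 10.0.0.5 port 5221 ssh2",
    "2024-05-01T10:02:30Z lnx01 CRON[4300]: (root) CMD (run-parts /etc/cron.hourly)",
]

def run_pipeline() -> dict:
    events = [e for e in (normalize_sysmon(r) for r in SAMPLE_SYSMON) if e]
    events += [e for e in (normalize_syslog(l) for l in SAMPLE_SYSLOG) if e]
    return {"events": len(events), "office_alerts": correlate(events),
            "bruteforce_alerts": detect_bruteforce(events)}

if __name__ == "__main__":
    for k, v in run_pipeline().items():
        print(k, v)
```

Running it yields exactly one alert per rule: the WIN01 chain fires because the process creation and the outbound connection are tied together by host, image and time, while the WIN02 PowerShell session (parent explorer.exe, internal WinRM destination) stays as context. That distinction is the "rule precision" the lab aims for; in a real Wazuh deployment the same logic lives in decoders plus `<if_sid>`/`frequency`/`timeframe` rule options rather than Python.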