Project

This repository documents a cloud-based Security Operations Center (SOC) automation project integrating Azure, Splunk, N8N, and ChatGPT to enhance SOC workflows. The project automates security alert processing, threat intelligence enrichment, severity assessment, and action recommendations, with outputs sent to Slack for analyst review.

Objective: Develop an end-to-end automated SOC workflow using n8n. Configure Splunk as the SIEM for log ingestion from a Windows 10 VM. Generate alerts in Splunk, route them to n8n for processing, enrich with OSINT tools, summarize findings using OpenAI, and deliver actionable notifications to Slack.

A Hands-on guide to building AI-driven SOC workflows with Splunk and n8n. Learn to set up VMs, ingest telemetry, create alerts, and automate responses to streamline detection and incident response.