Found 53 repositories (showing 30)
marxgoo
A SOC home lab built with Wazuh SIEM/XDR, pfSense, Suricata IDS/IPS, VirusTotal and Sysmon. Demonstrating log collection, threat detection, and attack simulation.
End-to-End Security Lab implementing Sysmon telemetry and Splunk detection for Windows and Active Directory threats. Developed a custom Python SOAR framework to automate alert triage, perform artifact enrichment, map to MITRE ATT&CK, and automatically create incident tickets in Jira.
ViratSupe
End-to-end threat detection lab using Wazuh, Sysmon, and VMware.
heyarjun2
Hands-on SOC lab using Splunk, Sysmon, and Windows event logs for threat detection
This project creates an Active Directory (AD) security lab integrating Splunk for log collection, Sysmon for telemetry, and Atomic Red Team for attack simulations. It provides hands-on experience in configuring network security, detecting cyberattacks and analyzing telemetry, making it ideal for learning blue team operations and threat detection.
RishavTh
Mini SOC Lab using Wazuh SIEM and Sysmon to build a hands-on Security Operations Center environment. This lab includes installation, configuration, custom detection rules, and attack simulation on Windows and Ubuntu VMs. Ideal for learning real-world threat detection, log analysis, and SOC workflows.
This lab simulates cyberattacks to help you learn how to detect and analyze threats. Kali Linux acts as the attacker, Windows 11 logs activities with Sysmon, and Splunk collects and analyzes those logs. It’s used to practice threat detection, incident response, and security monitoring.
dejanbogdanovski
A comprehensive SOC Home Lab environment built with Oracle VirtualBox, featuring a Windows 10 victim and a Kali Linux adversary. This project demonstrates hands-on experience in threat detection engineering by using Sysmon for endpoint monitoring and Splunk SIEM for continuous log analysis and adversary activity mapping
sanjeev133
Built a Security Information and Event Management (SIEM) lab using the ELK Stack to simulate real-world attack scenarios. Configured Elastic Agent on Windows endpoints to collect Sysmon and Microsoft Defender logs, detected brute-force and malware events, and created Kibana dashboards for real-time threat monitoring.
ImdadMiran17
This repository showcases how I configured a SOC home lab using VirtualBox, deploying a Windows Server host and a Linux host to forward Sysmon logs via Splunk Universal Forwarder to a Splunk server. Integrated Atomic Red Team to simulate attack scenarios, generating logs for monitoring and analysis in Splunk for threat detection.
sunandasinghh
This project demonstrates detection and investigation of suspicious activities using Sysmon logs in Splunk.
Krubhanandhan45
End-to-End SOC Threat Detection and Incident Response Platform using Splunk SIEM, Suricata IDS, and Sysmon with MITRE ATT&CK mapping.
vigneshkilambi
Wazuh SIEM + Sysmon based Endpoint Detection & Threat Analysis Lab
Home SOC Lab with Splunk & Sysmon for threat detection
This repository contains practical **SOC monitoring and detection use cases** using Wazuh and Sysmon. The objective is to detect, correlate, and respond to malicious activities in real-time, including PowerShell abuse, persistence mechanisms, and data exfiltration.
busi07k
Cybersecurity Home Lab: Threat Detection with Splunk Enterprise and Sysmon
Threat Detection Lab using Wazuh SIEM, Sysmon, and Kali Linux
Promzy01
Active Directory Threat Hunting Lab: Persistence & Lateral Movement Detection with Splunk + Sysmon
sh563
SIEM Home Lab — Splunk threat detection with Sysmon and Windows Event Logs
pejnejad
SOC Home Lab using Sysmon and Splunk for log collection, detection, and threat investigation.
This home lab demonstrates an attack and defense scenario that implements an EDR response using LimaCharlie on a Windows machine against Sliver (attack) from a C2 machine (Ubuntu).
MochiCoder
Threat Detection & Incident Triage Lab using Windows, Sysmon, and Splunk for endpoint security monitoring and MITRE ATT&CK-mapped detection.
SOC lab project featuring Splunk SIEM, real brute force attack analysis, and advanced threat detection with Sysmon
yousuf225
XDR lab using Wazuh & Sysmon for threat detection, MITRE ATT&CK mapping, and SOAR simulation with PowerShell attack scenarios
nasarul10
Hands-on SOC Analyst Home Lab: Threat simulation, detection engineering, and endpoint telemetry using Sliver C2, Sysmon, and LimaCharlie.
MynBox
Home Lab SOC / SIEM: Building a complete monitoring and threat detection environment using Splunk Enterprise, Universal Forwarder, and Sysmon.
Eric-Keys
SOC analyst lab showcasing blue team skills with Splunk SIEM, Sysmon (EDR), Wireshark, and Active Directory for log detection, threat detection, and incident analysis.
Practical SOC lab using Windows Sysmon to monitor endpoint activity and analyze security-relevant events for threat detection and incident investigation.
An end-to-end SOC lab featuring a Windows 10 endpoint, Sysmon telemetry, and an Ubuntu-based Splunk SIEM for threat detection.
DragonicCyborg
SOC Home Lab: End-to-end security telemetry pipeline using Splunk & Sysmon. Features custom threat detection, XML parsing, and automated SOC dashboards