SOC Automation Project - Wazuh, TheHive, Shuffle
This project consists of building a SOC (Security Operations Center) automation lab from scratch, aimed at gaining hands-on experience in the field. The project involves setting up tools such as Wazuh (SIEM and XDR), TheHive (case management), and Shuffle (SOAR). The project includes 5 different parts:

Part 1: Creating a logical diagram to visualize the lab and project.
Part 2: Installing the necessary components and setting up the lab in the cloud and on virtual machines (VMs).
Part 3: Configuring servers and endpoints so that they communicate with each other.
Part 4: Generating telemetry related to Mimikatz to trigger alerts.
Part 5: Setting up SOAR, integrating all the tools, and automating responses and alerts.

Part 1: In the first part of the project, the focus is on creating a logical diagram to visualize the lab setup, which helps to understand the data flow and identify the necessary components. I used a free tool called draw.io to build this diagram, by co...
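The alert-to-case hand-off that Parts 4 and 5 describe (a Wazuh alert on Mimikatz telemetry, forwarded through the SOAR step into TheHive), as an added Python example that is not part of this project's own code: it parses constructed Wazuh-style alert lines, keeps the ones that warrant a case, and builds a TheHive-style alert payload. The Wazuh field layout follows alerts.json; the rule ids, agent values, level threshold and TheHive payload field names are assumptions, and the hash is a placeholder.

```python
import json

# Constructed Wazuh-style alert lines (newline-delimited JSON). Rule ids,
# agent and file values are made up for this example; the hash is a placeholder.
SAMPLE_ALERTS = r'''
{"id":"1700000001.1","rule":{"level":3,"id":"60106","description":"Windows logon success"},"agent":{"id":"001","name":"win10-lab"},"data":{"win":{"system":{"eventID":"4624"}}}}
{"id":"1700000002.1","rule":{"level":15,"id":"100002","description":"Mimikatz usage detected","mitre":{"id":["T1003"]}},"agent":{"id":"001","name":"win10-lab"},"data":{"win":{"system":{"eventID":"1"},"eventdata":{"originalFileName":"mimikatz.exe","image":"C:\\Tools\\x.exe","hashes":"SHA256=PLACEHOLDER"}}}}
'''

def parse_alerts(raw):
    """Parse newline-delimited Wazuh alert JSON into dicts."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]

def event_data(alert):
    """Return the Windows/Sysmon eventdata block, or {} if the alert has none."""
    return alert.get("data", {}).get("win", {}).get("eventdata", {})

def needs_case(alert, min_level=12):
    """Escalate on a high rule level (threshold is an assumption) or when the
    Sysmon originalFileName field names Mimikatz, as the Part 4 lab rule does."""
    level = alert.get("rule", {}).get("level", 0)
    original = event_data(alert).get("originalFileName", "").lower()
    return level >= min_level or "mimikatz" in original

def to_thehive_alert(alert):
    """Build a TheHive-style alert payload (field names are an assumption)."""
    rule, agent, ev = alert["rule"], alert["agent"], event_data(alert)
    observables = [{"dataType": "filename", "data": ev["originalFileName"]}] if "originalFileName" in ev else []
    for entry in ev.get("hashes", "").split(","):      # Sysmon format: ALGO=value,ALGO=value
        algo, _, value = entry.partition("=")
        if value:
            observables.append({"dataType": "hash", "data": value, "tags": [algo.lower()]})
    return {
        "type": "wazuh", "source": "wazuh",
        "sourceRef": f"wazuh-{alert['id']}",              # unique per Wazuh alert
        "title": f"{rule['description']} on {agent['name']}",
        "description": f"Wazuh rule {rule['id']} (level {rule['level']}) fired on agent {agent['id']}",
        "severity": 4 if rule["level"] >= 12 else 2,     # TheHive scale: 1 low .. 4 critical
        "tags": ["wazuh", f"rule:{rule['id']}"] + rule.get("mitre", {}).get("id", []),
        "observables": observables,
    }

def triage(raw):
    """Parse alerts, keep those that warrant a case, and return TheHive payloads."""
    return [to_thehive_alert(a) for a in parse_alerts(raw) if needs_case(a)]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ALERTS), indent=2))
```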