Manoj-Root/SOC-SIEM-Lab-Wazuh

πŸ›‘οΈ SOC Home Lab – Wazuh SIEM Detection

[Screenshot: Wazuh Platform Attack Status]

SOC Home Lab with Wazuh SIEM for security monitoring, SSH attack detection, and log analysis across Windows and Linux systems

📌 Overview

This project demonstrates a hands-on SOC (Security Operations Center) lab where real-world attack scenarios were simulated and analyzed using Wazuh SIEM.

The focus of this lab is to detect and analyze SSH brute-force attacks, perform log analysis, and understand how alerts are generated and investigated across Windows and Linux systems.

βš™οΈ Setup Guide

👉 Setup Guide

🧭 Lab Architecture

Kali Linux (Attacker)
        ↓
SSH Brute Force Attack
        ↓
Windows / Linux Targets
        ↓
Wazuh Agent → Wazuh Server → Dashboard

🖥️ Wazuh Setup

[Screenshot: Wazuh Web Interface]

[Screenshot: Wazuh Dashboard]

[Screenshot: Wazuh Endpoints (Agents)]

🧠 MITRE ATT&CK Mapping

| Technique | ID | Description |
|---|---|---|
| Brute Force | T1110 | Repeated login attempts using SSH |
| Valid Accounts | T1078 | Successful login after multiple failures |

🚨 Attack Simulation – SSH Brute Force

• Simulated SSH login attempts from Kali Linux

• Generated multiple failed authentication logs

• Observed attack detection in Wazuh SIEM

πŸ” Detection Logic

  • Multiple failed login attempts (Event ID 4625)
  • Followed by a successful login (Event ID 4624)
  • Indicates potential brute-force attack
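The correlation described above, written out as an added Python example (not code from this repository): it replays constructed Windows logon events (hypothetical timestamps, IPs and user names) and raises one alert when a source IP reaches a threshold of 4625 failures inside a time window, and a second when a 4624 success from that IP follows the burst, tagged with the MITRE techniques from the mapping table.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical values modelled on the Windows
# Security log fields Wazuh forwards): 4625 = failed logon, 4624 = successful logon.
EVENTS = [
    {"ts": "2024-01-10T09:50:00", "event_id": 4625, "src_ip": "10.0.0.5", "user": "admin"},  # stale, outside window
    {"ts": "2024-01-10T10:00:01", "event_id": 4625, "src_ip": "10.0.0.5", "user": "admin"},
    {"ts": "2024-01-10T10:00:05", "event_id": 4625, "src_ip": "10.0.0.5", "user": "admin"},
    {"ts": "2024-01-10T10:00:09", "event_id": 4625, "src_ip": "10.0.0.5", "user": "admin"},
    {"ts": "2024-01-10T10:00:13", "event_id": 4625, "src_ip": "10.0.0.5", "user": "admin"},
    {"ts": "2024-01-10T10:00:17", "event_id": 4625, "src_ip": "10.0.0.5", "user": "admin"},
    {"ts": "2024-01-10T10:00:40", "event_id": 4624, "src_ip": "10.0.0.5", "user": "admin"},
    {"ts": "2024-01-10T10:05:00", "event_id": 4624, "src_ip": "10.0.0.9", "user": "bob"},  # normal logon
]


def detect_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Correlate logon events per source IP.

    Emits a T1110 alert when `threshold` failures (4625) from one IP fall
    inside `window`, and a T1078 alert when a success (4624) from that IP
    follows such a burst. Returns the alerts in chronological order.
    """
    recent_failures = defaultdict(deque)  # src_ip -> timestamps of 4625 inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        q = recent_failures[ev["src_ip"]]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if ev["event_id"] == 4625:
            q.append(ts)
            if len(q) == threshold:       # fire once per burst, not on every extra failure
                alerts.append({"technique": "T1110", "src_ip": ev["src_ip"],
                               "failures": len(q), "at": ev["ts"]})
        elif ev["event_id"] == 4624:
            if len(q) >= threshold:
                alerts.append({"technique": "T1078", "src_ip": ev["src_ip"], "user": ev["user"],
                               "failures": len(q), "at": ev["ts"]})
            q.clear()                     # a success ends the burst either way
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(EVENTS):
        print(alert)
```

With the default two-minute window the stale 09:50 failure is evicted, so the T1110 alert fires at the fifth in-window failure and the T1078 alert at the following success; the normal logon from 10.0.0.9 produces nothing.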

πŸ” Log Analysis

🪟 Windows Log Analysis

• Event ID 4625 → Failed login attempts

• Event ID 4624 → Successful login

Multiple Failed Attempts Detection

• Detected repeated login failures

• Identified potential brute-force attack pattern

🚀 Key Outcomes

βœ”οΈ Built a SOC lab using Wazuh SIEM
βœ”οΈ Simulated SSH brute-force attacks
βœ”οΈ Detected authentication failures
βœ”οΈ Correlated logs to identify attack patterns
βœ”οΈ Performed alert investigation

💼 Use Case

This project simulates a real SOC scenario where an analyst monitors authentication logs to detect brute-force attacks and investigates suspicious login patterns.

🎯 Skills Demonstrated

• SIEM: Wazuh

• Log Analysis (Windows & Linux)

• Security Monitoring & Alert Investigation

• SSH Brute-force Attack Simulation

• Event Correlation

🔗 Connect With Me

🌐 Portfolio: https://www.cybergodfather.me/
