SOC Home Lab with Wazuh SIEM for security monitoring, SSH attack detection, and log analysis across Windows and Linux systems
This project demonstrates a hands-on SOC (Security Operations Center) lab where real-world attack scenarios were simulated and analyzed using Wazuh SIEM.
The focus of this lab is to detect and analyze SSH brute-force attacks, perform log analysis, and understand how alerts are generated and investigated across Windows and Linux systems.
Kali Linux (Attacker)
↓
SSH Brute Force Attack
↓
Windows / Linux Targets
↓
Wazuh Agent → Wazuh Server → Dashboard
| Technique | ID | Description |
|---|---|---|
| Brute Force | T1110 | Repeated SSH login attempts with guessed passwords from the attacker host |
| Valid Accounts | T1078 | Successful login from the same source after the failures, i.e. the guessed credentials being used as a legitimate account |
• Simulated SSH login attempts from Kali Linux
• Generated multiple failed authentication logs
• Observed attack detection in Wazuh SIEM
- Multiple failed login attempts from one source IP in a short window (Windows Security log Event ID 4625; on the Linux target the equivalent is the sshd "Failed password" line in /var/log/auth.log)
- Followed by a successful login from the same source (Event ID 4624; sshd "Accepted password" / "Accepted publickey" on Linux)
- Failures alone may be mistyped passwords; a burst of failures followed by a success from the same source is the pattern that indicates a likely successful brute-force attack
• Detected repeated login failures
• Identified potential brute-force attack pattern
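The correlation described above (a burst of failures followed by a success from the same source IP, across both log formats) as an added Python example. It is not code from this lab or from Wazuh: the auth.log lines and Windows events are constructed, the Windows field names follow the 4625/4624 event schema, and the threshold of 5 failures within 120 seconds is an assumption chosen for the demonstration.

```python
"""Correlate failed and successful logins from Linux sshd and Windows Security
logs to flag a brute-force burst followed by a success (T1110 -> T1078).
All sample data below is constructed for this example."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed /var/log/auth.log lines from the Linux target (syslog omits the year).
LINUX_AUTH_LOG = """\
Mar 10 14:02:01 ubuntu sshd[1421]: Failed password for root from 192.168.56.101 port 40122 ssh2
Mar 10 14:02:03 ubuntu sshd[1421]: Failed password for root from 192.168.56.101 port 40124 ssh2
Mar 10 14:02:05 ubuntu sshd[1421]: Failed password for invalid user admin from 192.168.56.101 port 40126 ssh2
Mar 10 14:02:07 ubuntu sshd[1421]: Failed password for root from 192.168.56.101 port 40128 ssh2
Mar 10 14:02:09 ubuntu sshd[1421]: Failed password for root from 192.168.56.101 port 40130 ssh2
Mar 10 14:02:12 ubuntu sshd[1421]: Accepted password for root from 192.168.56.101 port 40132 ssh2
Mar 10 14:05:00 ubuntu sshd[1500]: Failed password for alice from 10.0.0.5 port 50000 ssh2
Mar 10 14:05:30 ubuntu sshd[1501]: Accepted publickey for alice from 10.0.0.5 port 50002 ssh2
"""
LOG_YEAR = 2024  # assumed, since the syslog timestamp carries no year

# Constructed Windows Security events (fields named as in the 4625/4624 event schema).
WINDOWS_EVENTS = [
    {"TimeCreated": f"2024-03-10T14:10:{s:02d}", "Computer": "WIN10", "EventID": 4625,
     "TargetUserName": "Administrator", "IpAddress": "192.168.56.101"}
    for s in (0, 2, 4, 6, 8)
] + [
    {"TimeCreated": "2024-03-10T14:10:20", "Computer": "WIN10", "EventID": 4624,
     "TargetUserName": "Administrator", "IpAddress": "192.168.56.101"},
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


@dataclass(frozen=True)
class AuthEvent:
    """Normalised login event shared by both log sources."""
    ts: datetime
    host: str
    user: str
    src_ip: str
    success: bool


def parse_linux(text, year=LOG_YEAR):
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue  # other sshd/PAM lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(AuthEvent(ts, m["host"], m["user"], m["ip"], m["outcome"] == "Accepted"))
    return events


def parse_windows(records):
    return [
        AuthEvent(datetime.fromisoformat(r["TimeCreated"]), r["Computer"],
                  r["TargetUserName"], r["IpAddress"], r["EventID"] == 4624)
        for r in records if r["EventID"] in (4624, 4625)
    ]


def detect_brute_force(events, threshold=5, window=timedelta(seconds=120)):
    """Per source IP: alert once when `threshold` failures land inside `window`,
    and again if a success from that IP follows while the burst is still in the window."""
    alerts = []
    recent_failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        fails = recent_failures[ev.src_ip]
        fails[:] = [f for f in fails if ev.ts - f.ts <= window]  # slide the window
        if not ev.success:
            fails.append(ev)
            if len(fails) == threshold:
                alerts.append({"type": "brute_force", "src_ip": ev.src_ip, "host": ev.host,
                               "users": sorted({f.user for f in fails}), "ts": ev.ts})
        elif len(fails) >= threshold:
            alerts.append({"type": "success_after_brute_force", "src_ip": ev.src_ip,
                           "host": ev.host, "user": ev.user, "failures": len(fails), "ts": ev.ts})
            fails.clear()  # the burst has been reported; start counting afresh
    return alerts


def run_lab_detection():
    events = parse_linux(LINUX_AUTH_LOG) + parse_windows(WINDOWS_EVENTS)
    return detect_brute_force(events)


if __name__ == "__main__":
    for a in run_lab_detection():
        print(a)
```

Keying the window on the source IP rather than the account is what makes the "invalid user admin" attempt count towards the same burst as the root attempts, and it is also why alice's single mistyped password followed by a key-based login from 10.0.0.5 is not flagged.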
✔️ Built a SOC lab using Wazuh SIEM
✔️ Simulated SSH brute-force attacks
✔️ Detected authentication failures
✔️ Correlated logs to identify attack patterns
✔️ Performed alert investigation
This project simulates a real SOC scenario where an analyst monitors authentication logs to detect brute-force attacks and investigates suspicious login patterns.