Skip to content

Latest commit

 

History

History
125 lines (71 loc) · 3.26 KB

File metadata and controls

125 lines (71 loc) · 3.26 KB

🛡️ SOC Home Lab – Wazuh SIEM Detection

Wazuh Platform Attack Status

SOC Home Lab with Wazuh SIEM for security monitoring, SSH attack detection, and log analysis across Windows and Linux systems

📌 Overview

This project demonstrates a hands-on SOC (Security Operations Center) lab where real-world attack scenarios were simulated and analyzed using Wazuh SIEM.

The focus of this lab is to detect and analyze SSH brute-force attacks, perform log analysis, and understand how alerts are generated and investigated across Windows and Linux systems.

⚙️ Setup Guide

👉 Setup Guide

🧭 Lab Architecture

Kali Linux (Attacker)
        ↓
SSH Brute Force Attack
        ↓
Windows / Linux Targets
        ↓
Wazuh Agent → Wazuh Server → Dashboard

🖥️ Wazuh Setup

Wazuh Web Interface

Wazuh Dashboard

Wazuh Endpoints (Agents)

🧠 MITRE ATT&CK Mapping

Technique ID Description
Brute Force T1110 Repeated login attempts using SSH
Valid Accounts T1078 Successful login after multiple failures

🚨 Attack Simulation – SSH Brute Force

• Simulated SSH login attempts from Kali Linux

• Generated multiple failed authentication logs

• Observed attack detection in Wazuh SIEM

🔍 Detection Logic

  • Multiple failed login attempts (Event ID 4625)
  • Followed by a successful login (Event ID 4624)
  • Indicates potential brute-force attack

🔍 Log Analysis

🪟 Windows Log Analysis

• Event ID 4625 → Failed login attempts

• Event ID 4624 → Successful login

Multiple Failed Attempts Detection

• Detected repeated login failures

• Identified potential brute-force attack pattern

🚀 Key Outcomes

✔️ Built a SOC lab using Wazuh SIEM
✔️ Simulated SSH brute-force attacks
✔️ Detected authentication failures
✔️ Correlated logs to identify attack patterns
✔️ Performed alert investigation

💼 Use Case

This project simulates a real SOC scenario where an analyst monitors authentication logs to detect brute-force attacks and investigates suspicious login patterns.

🎯 Skills Demonstrated

• SIEM: Wazuh

• Log Analysis (Windows & Linux)

• Security Monitoring & Alert Investigation

• SSH Brute-force Attack Simulation

• Event Correlation

🔗 Connect With Me