
SOC Open Source: ELK, TheHive, Cortex, MISP Complete Setup Guide Part 1

BlackPerl

SOC Open Source is a project designed for security analysts and all SOC audiences who want to experiment with the implementation and explore modern SOC architecture. All of the components are open-source projects (available at the time of the first commit).

This is Part 1: we show the base of the model with ELK, TheHive, Cortex and MISP, and ingest some dummy data into ELK. In upcoming episodes we will add more data sources to ELK (Wazuh, Snort, a honeypot), integrate Atomic Red Team with ELK for attack simulation, and show how to automate your workflows with Shuffle. So watch this space!

This project serves the following use cases:

Collect data in a single place.
Normalize and parse data.
Visualize data and prepare meaningful security analytics.
Create incidents/cases out of security alerts identified from the collected data/logs.
Automate threat hunting, the creation of actionable playbooks, and SOC data analytics.
Automate the analysis of collected observables, at scale, by querying a single tool instead of several.
Actively respond to threats and interact with the constituency and other teams.
Enrich data feeds with an open-source threat intelligence platform.

In this episode I cover, from scratch, how to install all of the components (Elastic Stack, TheHive, Cortex, MISP) and how to integrate them with each other.
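The integration step that ties the use cases above together is turning a SIEM hit into a case-management alert with its observables attached, so Cortex can analyze them. The following is an added example, not code from the BlackPerl SOC Open Source project: it maps an Elasticsearch hit (ECS-style fields, constructed sample) into a TheHive alert payload. The ECS-to-dataType mapping, the `siem`/`elk` source labels and the TheHive `POST /api/alert` JSON field names are assumptions for this example; check them against the TheHive version you deploy.

```python
"""Added example: normalize an ELK/Elasticsearch hit into a TheHive alert.

Not part of the SOC Open Source project. Field names for TheHive's
POST /api/alert (title, source, sourceRef, artifacts, ...) are assumed
from the TheHive 3/4 API; the ECS mapping below is this example's own.
"""
import hashlib
import json
import urllib.request
from datetime import datetime

# ECS field path -> TheHive observable dataType (assumed mapping)
ECS_TO_DATATYPE = {
    ("source", "ip"): "ip",
    ("destination", "ip"): "ip",
    ("file", "hash", "sha256"): "hash",
    ("file", "hash", "md5"): "hash",
    ("file", "name"): "filename",
    ("dns", "question", "name"): "domain",
    ("url", "full"): "url",
}

# Constructed sample: one hit as an ELK detection query might return it
SAMPLE_HIT = {
    "_index": "winlogbeat-2023.01.15",
    "_id": "abc123",
    "_source": {
        "@timestamp": "2023-01-15T10:22:31.000Z",
        "host": {"name": "ws01"},
        "user": {"name": "jdoe"},
        "event": {"code": "4688"},
        "process": {"command_line": "powershell -enc SQBFAFgA..."},
        "source": {"ip": "10.0.0.5"},
        "file": {
            "name": "payload.ps1",
            "hash": {"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
        },
    },
}


def _dig(doc, path):
    """Walk a nested dict along `path`; return None if any key is missing."""
    cur = doc
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def extract_observables(source):
    """Collect TheHive 'artifacts' from an ECS-shaped _source document.

    Duplicate (dataType, value) pairs are dropped so the same IP appearing
    as source and destination does not get analyzed twice by Cortex.
    """
    seen, artifacts = set(), []
    for path, data_type in ECS_TO_DATATYPE.items():
        value = _dig(source, path)
        if value in (None, ""):
            continue
        key = (data_type, str(value))
        if key in seen:
            continue
        seen.add(key)
        artifacts.append({
            "dataType": data_type,
            "data": str(value),
            "message": "from " + ".".join(path),
            "tags": ["elk"],
            "tlp": 2,
        })
    return artifacts


def build_alert(hit, rule_name, severity=2):
    """Build the TheHive alert payload for one hit.

    sourceRef is derived from index + document id: TheHive enforces
    uniqueness of (source, sourceRef), so re-running the detection job
    updates rather than duplicates the alert.
    """
    src = hit["_source"]
    ts = datetime.fromisoformat(src["@timestamp"].replace("Z", "+00:00"))
    ref = hashlib.sha256(f'{hit["_index"]}/{hit["_id"]}'.encode()).hexdigest()[:16]
    host = src.get("host", {}).get("name", "unknown-host")
    return {
        "type": "siem",
        "source": "elk",
        "sourceRef": ref,
        "title": f"{rule_name} on {host}",
        "description": "Raw ELK document:\n" + json.dumps(src, indent=2),
        "severity": severity,            # 1 low, 2 medium, 3 high
        "tlp": 2,                        # amber
        "date": int(ts.timestamp() * 1000),  # epoch milliseconds
        "tags": ["elk", rule_name],
        "artifacts": extract_observables(src),
    }


def send_alert(payload, thehive_url, api_key):
    """POST the alert to TheHive (assumed endpoint /api/alert, bearer auth)."""
    req = urllib.request.Request(
        thehive_url.rstrip("/") + "/api/alert",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    alert = build_alert(SAMPLE_HIT, "Encoded PowerShell launch", severity=3)
    print(json.dumps(alert, indent=2))
    # Against a live TheHive (hypothetical URL and key):
    # send_alert(alert, "http://localhost:9000", "YOUR_API_KEY")
```

The deterministic `sourceRef` is the part worth keeping when you wire this into a scheduled query: without it, every re-run of the detection job produces a fresh alert for the same event, and analysts end up closing duplicates instead of working cases.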

This project can be used by any small or large organization that wants to build its SOC setup with open-source tools, and by any security analyst or engineer who wants a SOC lab with all of the components: SIEM, case management, threat intel platform, threat hunting and analytics capability, and more.

You will find similar projects online, but this is the FIRST TIME everything is shown bundled together in fully working condition. Follow along with the tutorial for a high-level overview of the end product, then get started from the Git repo below.

LINKS for your requirements

1. Project https://github.com/archanchoudhury/SO...

WATCH the playlists below as well if you want to build your career in DFIR and Security Operations!!

INCIDENT RESPONSE TRAINING Full Course: BlackPerl DFIR || INCIDENT RESPONSE ...
DFIR Free Tools and Techniques: BlackPerl DFIR || DFIR Tools and Tech...
Windows and Memory Forensics: BlackPerl DFIR || Windows and Memory ...
Malware Analysis: BlackPerl DFIR || Malware Analysis Se...
SIEM Tutorial: BlackPerl DFIR || Learn SIEM with me ...
Threat Hunt & Threat Intelligence: BlackPerl DFIR || Threat Hunt & Threa...


Timelines

0:00 ⏩ Introduction
1:28 ⏩ Architecture Overview
8:40 ⏩ Overview of the full setup
22:12 ⏩ Install the components
41:30 ⏩ Integrate the components
48:01 ⏩ Summarize



FOLLOW ME EVERYWHERE

✔ LinkedIn: /blackperl
✔ You can also reach out to me personally on LinkedIn: https://bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Git: https://github.com/archanchoudhury
✔ Insta: blackperl_dfir
✔ Can be reached via [email protected]

SUPPORT BLACKPERL

╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗
║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣
╠╗║╚╝║║╠╗║╚╣║║║║║═╣
╚═╩══╩═╩═╩═╩╝╚╩═╩═╝
➡ SUBSCRIBE, Share, Like, Comment
☕ Buy me a Coffee https://www.buymeacoffee.com/BlackPerl
Sponsorship Inquiries: [email protected]


Thanks for watching!! Be CyberAware!!
