Lenox2Linux/soclab-wazuh

SOC Home Lab with Wazuh

Project Summary

This project documents my beginner SOC home lab built with Wazuh, Ubuntu Server, Docker, and Kali Linux. The purpose of the lab is to gain hands-on experience with security monitoring, log visibility, and alert investigation in a controlled environment: a Wazuh manager collects logs from an enrolled Ubuntu endpoint, and a Kali machine generates the activity that shows up as alerts. This lab also served as the foundation for a follow-up detection project involving attacker simulation and Wazuh alert analysis.

Objective

I built this project to better understand how security analysts monitor systems and investigate activity using a SIEM platform.

Lab Environment

  • Server: Ubuntu Server running Wazuh in Docker
  • Testing Machine: Kali Linux
  • Endpoint: Ubuntu system
  • Workstation: Lenovo ThinkPad T14

Tools Used

  • Wazuh
  • Docker
  • Ubuntu Server
  • Kali Linux
  • Nmap
  • Wireshark
  • Linux CLI

Project Steps

  1. Deploy Wazuh (manager, indexer, dashboard) in Docker on Ubuntu Server
  2. Verify the containers are running and the dashboard is reachable
  3. Enroll the lab endpoint as a Wazuh agent so its logs reach the manager
  4. Generate test activity from Kali (port scanning, SSH login attempts)
  5. Review the resulting logs and alerts in the Wazuh dashboard
  6. Document the setup and lessons learned
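The commands behind steps 1 to 5, as an added example for this README (not code from the soclab-wazuh repo). The top half is the deployment, enrollment and test-activity commands, each commented with the host it runs on; the bottom half is a small sed/awk triage over constructed alerts.json lines so the "review alerts" step can be exercised offline. The IP addresses (manager 10.0.0.10, endpoint 10.0.0.20, Kali 10.0.0.30), the agent name "ubuntu-endpoint" and the Wazuh version 4.7.2 are assumptions, and the sample alerts are constructed: their rule IDs and descriptions mirror Wazuh's stock sshd rules, but check them against your own ruleset. The sed patterns rely on the key order of the constructed lines; on a real alerts.json use jq.

```shell
#!/usr/bin/env sh
# Added example for the soclab-wazuh README (not the project's own code).
# Assumed lab addresses: manager 10.0.0.10, endpoint 10.0.0.20 ("ubuntu-endpoint"),
# Kali 10.0.0.30. Wazuh 4.7.2 is assumed; pin whatever version you tested.

# Steps 1-2 (run on the Ubuntu Server): single-node Wazuh from the official wazuh-docker project.
deploy_wazuh() {
  git clone --depth 1 -b v4.7.2 https://github.com/wazuh/wazuh-docker.git
  cd wazuh-docker/single-node || return 1
  docker compose -f generate-indexer-certs.yml run --rm generator   # one-time TLS certificates
  docker compose up -d
  docker compose ps                          # manager, indexer and dashboard should all be Up
  docker compose logs --tail=50 wazuh.manager
  # Dashboard: https://<server-ip>/ ; change the default credentials in docker-compose.yml first.
}

# Step 3 (run on the Ubuntu endpoint): install the agent pointed at the manager.
enroll_endpoint() {
  curl -so wazuh-agent.deb \
    https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.2-1_amd64.deb
  sudo WAZUH_MANAGER='10.0.0.10' WAZUH_AGENT_NAME='ubuntu-endpoint' dpkg -i ./wazuh-agent.deb
  sudo systemctl enable --now wazuh-agent
  # Confirm enrollment on the server:
  #   docker compose exec wazuh.manager /var/ossec/bin/agent_control -l
}

# Step 4 (run on Kali): a port scan plus failed SSH logins, enough to trip the sshd rules.
generate_test_activity() {
  nmap -sS -p 22,80,443 10.0.0.20
  for u in nouser admin; do
    sshpass -p 'wrongpassword' ssh -o StrictHostKeyChecking=no "$u@10.0.0.20" true || true
  done
  # Step 5, on the server, before opening the dashboard:
  #   docker compose exec wazuh.manager tail -n 200 /var/ossec/logs/alerts/alerts.json
}

# Constructed alerts.json lines (not captured from a real manager) shaped like Wazuh's output.
SAMPLE_ALERTS=$(cat <<'EOF'
{"timestamp":"2024-05-01T10:00:01.000+0000","rule":{"level":5,"description":"sshd: authentication failed.","id":"5760"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.30","srcuser":"nouser"}}
{"timestamp":"2024-05-01T10:00:02.000+0000","rule":{"level":5,"description":"sshd: authentication failed.","id":"5760"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.30","srcuser":"nouser"}}
{"timestamp":"2024-05-01T10:00:03.000+0000","rule":{"level":5,"description":"sshd: authentication failed.","id":"5760"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.30","srcuser":"nouser"}}
{"timestamp":"2024-05-01T10:00:04.000+0000","rule":{"level":5,"description":"sshd: authentication failed.","id":"5760"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.30","srcuser":"nouser"}}
{"timestamp":"2024-05-01T10:00:05.000+0000","rule":{"level":10,"description":"sshd: brute force trying to get access to the system. Non existent user.","id":"5712"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.30","srcuser":"nouser"}}
{"timestamp":"2024-05-01T10:02:10.000+0000","rule":{"level":5,"description":"sshd: Attempt to login using a non-existent user","id":"5710"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.30","srcuser":"admin"}}
{"timestamp":"2024-05-01T10:05:00.000+0000","rule":{"level":5,"description":"sshd: authentication failed.","id":"5760"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.40","srcuser":"analyst"}}
{"timestamp":"2024-05-01T10:05:07.000+0000","rule":{"level":3,"description":"sshd: authentication success.","id":"5715"},"agent":{"id":"001","name":"ubuntu-endpoint"},"data":{"srcip":"10.0.0.40","srcuser":"analyst"}}
EOF
)

# Alerts per rule (level + description), most frequent first. Reads alerts.json lines on stdin.
alerts_by_rule() {
  sed -n 's/.*"rule":{"level":\([0-9]*\),"description":"\([^"]*\)".*/\1 \2/p' | sort | uniq -c | sort -rn
}

# Number of alerts whose rule description equals $1 (fixed string, no regex).
count_rule() {
  grep -F -c "\"description\":\"$1\"" || true
}

# Source IPs with at least $1 failed-authentication alerts: the hosts worth looking at first.
bruteforce_sources() {
  grep -F '"description":"sshd: authentication failed."' \
    | sed -n 's/.*"srcip":"\([^"]*\)".*/\1/p' \
    | sort | uniq -c \
    | awk -v t="$1" '$1 >= t { print $2 }'
}

# Highest rule level present; anything at 10 or above deserves a look in the dashboard.
max_level() {
  sed -n 's/.*"rule":{"level":\([0-9]*\),.*/\1/p' | sort -n | tail -n 1
}

# Distinct agent names that reported, to confirm the endpoint is actually sending logs.
agents_seen() {
  sed -n 's/.*"agent":{[^}]*"name":"\([^"]*\)".*/\1/p' | sort -u
}

echo "alerts per rule:";                 printf '%s\n' "$SAMPLE_ALERTS" | alerts_by_rule
echo "sources with >=3 failed logins:";  printf '%s\n' "$SAMPLE_ALERTS" | bruteforce_sources 3
echo "highest level:";                   printf '%s\n' "$SAMPLE_ALERTS" | max_level
echo "agents reporting:";                printf '%s\n' "$SAMPLE_ALERTS" | agents_seen
```

Over the constructed sample the triage surfaces 10.0.0.30 as the only source with three or more failed logins, the level-10 brute-force rule as the most severe alert, and "ubuntu-endpoint" as the one agent reporting, which is the same picture the dashboard's alert overview should give after the Kali activity in step 4.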

Results

  • Built a functioning beginner SOC lab
  • Practiced using Wazuh for monitoring and visibility
  • Improved Linux and Docker troubleshooting skills
  • Gained experience documenting a cybersecurity lab project

Skills Demonstrated

  • SIEM fundamentals
  • Linux administration
  • Docker basics
  • Security monitoring
  • Technical documentation

Lessons Learned

This project showed me that security monitoring depends on proper setup, endpoint visibility, and careful documentation: an alert only appears if the agent is enrolled, the log source is collected, and a rule matches it. It also helped me better understand how blue-team workflows connect system activity to alerts and investigation.

Future Improvements

  • Add more endpoints
  • Test additional alert scenarios
  • Expand log analysis
  • Integrate more blue-team workflows

Screenshots

Endpoint Monitoring

Shows the Ubuntu endpoint registered and monitored by Wazuh.

Screenshot: Endpoint Summary

Threat Hunting Dashboard

Overview of alerts and security events detected in the environment.

Screenshot: Threat Hunting Dashboard

Alert Overview

Initial alerts and authentication activity generated during testing.

Screenshot: Alert Overview

Dashboard Activity

Expanded alert activity after additional lab activity was generated.

Screenshot: Dashboard Activity

Related Detection Project

This SOC lab environment was later used to perform a follow-up security detection exercise involving reconnaissance, SSH access attempts, and Wazuh alert investigation.

SOC Detection Lab: Nmap Scan and Wazuh Alert Investigation
https://github.com/Lenox2Linux/soc-detect-nmap-wazuh

This follow-up project demonstrates how the lab environment can be used not only for setup and monitoring, but also for simulating activity and reviewing detection results through the Wazuh dashboard.

About

Security monitoring lab using Wazuh to practice log analysis, alert investigation, and SOC-style workflows.
