Skip to content

shan-devinda/SecureSOC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

2 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

SecureSOC

๐Ÿ›ก๏ธ SecureSOC โ€“ Intelligent Security Operations Center Dashboard

A centralized, web-based SOC platform for real-time threat monitoring, incident response, and security analytics.

Next.js Bootstrap Chart.js JavaScript License: MIT

image

๐Ÿ“‹ Table of Contents


๐Ÿ” Overview

SecureSOC is a capstone project simulating a real-world Security Information and Event Management (SIEM) platform. It enables organizations to:

  • Collect logs from firewalls, servers, endpoints, and web applications.
  • Detect suspicious activities and cyber threats in real time.
  • Investigate incidents through structured, multi-phase workflows.
  • Respond efficiently with centralized case management and analyst collaboration.
  • Report on security posture through automated, scheduled reports.

โš ๏ธ This project uses mock/simulated data to demonstrate the SOC platform UI and workflows. Integration points for live SIEM tools (Wazuh, Suricata, Elasticsearch) are clearly marked in the Settings module.


โœจ Features

Feature Description
๐Ÿ” Authentication Login page with demo RBAC roles (Super Admin, Analyst, Viewer)
๐Ÿ“Š Live Dashboard Real-time KPI widgets, Chart.js visualizations, alert feeds
๐Ÿšจ Alert Management Searchable alert stream with severity, status, and assignment
๐Ÿ”ฅ Incident Response 6-phase workflow: New โ†’ Investigation โ†’ Containment โ†’ Eradication โ†’ Recovery โ†’ Closed
๐Ÿ“ Case Management Alert-to-case promotion, evidence tracking, analyst notes, timeline
๐ŸŒ Threat Intelligence IOC registry (IPs, domains, hashes, URLs), confidence scoring, feed sync
๐Ÿ–ฅ๏ธ Network Monitoring Live traffic charts, top talkers, protocol distribution, active connections
๐Ÿ“œ Log Management Centralized log stream from 10 source types with filtering and search
๐Ÿท๏ธ Asset Inventory Full asset registry with health status, OS, department, and scan dates
๐Ÿ› Vulnerability Management CVE tracking, CVSS scoring, risk ratings, patch status
๐Ÿ“‘ Reports Executive, compliance, incident and vulnerability report templates
๐Ÿ” Audit Logs Immutable record of all user actions with role and IP tracking
๐Ÿ”” Notifications In-app feed with multi-channel indicators (Email, SMS, In-App)
โš™๏ธ System Settings Organization config, SIEM integration endpoints, security policies

๐Ÿงฉ Modules

1. ๐Ÿ” User Authentication & Access Control (/login)

  • Secure login form with show/hide password
  • Role-Based Access Control (RBAC) โ€” 6 predefined roles
  • Demo credentials panel for testing
  • Session management & MFA indicator

2. ๐Ÿ“Š Dashboard (/)

Widgets: Total Events, Active Alerts, Critical Incidents, Assets Online
Charts: Network Traffic (Line), Alert Severity (Doughnut), Top Attacks (Bar)
Table: Real-time critical alerts feed

3. ๐Ÿ–ฅ๏ธ Asset Management (/assets)

Tracks: Servers, Routers, Switches, Firewalls, Workstations, Laptops, VMs, IoT
Fields: Name, IP, MAC, OS, Department, Status, Last Scan

4. ๐Ÿ“œ Log Management (/logs)

Sources: Windows Event Logs, Linux Syslog, Firewall, IDS/IPS, VPN, DNS, DHCP, Web Server, Auth, DB
Functions: Search, filter by type & severity, real-time stream

5. ๐Ÿšจ Alert Management (/alerts)

Levels: Critical, High, Medium, Low, Informational
Features: Search, filter, assign, escalate, close

6. ๐Ÿ”ฅ Incident Response (/incidents)

Workflow phases visualized with Kanban-style tracker
Fields: ID, Type, Severity, Status, Analyst, Timeline

7. ๐ŸŒ Threat Intelligence (/threat-intel)

IOC types: IPs, Domains, URLs, File Hashes, Emails, Malware Families
Features: IOC search, confidence scoring, threat feed integration panel

8. ๐Ÿ”— Network Monitoring (/network)

Views: 24h traffic chart, protocol pie chart, top talkers bar chart, active connections table

9. ๐Ÿ› Vulnerability Management (/vulnerabilities)

Fields: CVE ID, CVSS Score (with visual bar), Risk Rating, Affected Asset, Patch Status

10. ๐Ÿ“ Case Management (/cases)

Features: Create case from alert, assign analyst, evidence count, notes, case timeline panel

11. ๐Ÿ“‘ Reports (/reports)

Templates: Executive, Compliance (ISO 27001), Vulnerability, Incident, Audit
Actions: Download PDF, filter by date range and type

12. ๐Ÿ” Audit Logs (/audit-logs)

Tracks: Login, Logout, Password Change, Alert Assignment, Incident Update, User Creation, Asset Modification, Report Generation

13. ๐Ÿ”” Notification System (/notifications)

Channels: In-App, Email, SMS
Events: New Alert, Critical Incident, Failed Login, Device Offline, High CPU
Actions: Mark as read, dismiss, channel preferences


๐Ÿ› ๏ธ Tech Stack

Layer Technology Version
Framework Next.js (App Router) 16.2
UI Components Bootstrap 5.x
Charts Chart.js + react-chartjs-2 4.x
Icons Lucide React Latest
Language JavaScript (ES2022) -
Styling Vanilla CSS with CSS Variables -
Package Manager npm 11.x

Planned SIEM Integrations (Future)

  • Wazuh โ€“ Host-based Intrusion Detection System (HIDS)
  • Suricata โ€“ Network Intrusion Detection System (NIDS)
  • Elasticsearch โ€“ Log indexing and search
  • Logstash โ€“ Log pipeline and parsing
  • Kibana โ€“ Log visualization
  • Filebeat / Winlogbeat โ€“ Log shipping agents

๐Ÿš€ Getting Started

Prerequisites

  • Node.js v18 or higher โ†’ Download
  • npm v9 or higher (comes with Node.js)

Installation

# 1. Clone the repository
git clone https://github.com/YOUR_USERNAME/SecureSOC.git

# 2. Navigate into the project directory
cd SecureSOC

# 3. Install dependencies
npm install

# 4. Start the development server
npm run dev

Open http://localhost:3000 in your browser.

Demo Login

Role Email Password
Super Administrator admin@securesoc.com password
Security Analyst analyst@securesoc.com password
Viewer viewer@securesoc.com password

๐Ÿ“ Project Structure

SecureSOC/
โ”œโ”€โ”€ public/                   # Static assets
โ”œโ”€โ”€ src/
โ”‚   โ”œโ”€โ”€ app/                  # Next.js App Router pages
โ”‚   โ”‚   โ”œโ”€โ”€ page.js           # ๐Ÿ“Š Dashboard
โ”‚   โ”‚   โ”œโ”€โ”€ login/page.js     # ๐Ÿ” Authentication
โ”‚   โ”‚   โ”œโ”€โ”€ alerts/page.js    # ๐Ÿšจ Alert Management
โ”‚   โ”‚   โ”œโ”€โ”€ incidents/page.js # ๐Ÿ”ฅ Incident Response
โ”‚   โ”‚   โ”œโ”€โ”€ cases/page.js     # ๐Ÿ“ Case Management
โ”‚   โ”‚   โ”œโ”€โ”€ assets/page.js    # ๐Ÿ–ฅ๏ธ  Asset Inventory
โ”‚   โ”‚   โ”œโ”€โ”€ logs/page.js      # ๐Ÿ“œ Log Management
โ”‚   โ”‚   โ”œโ”€โ”€ network/page.js   # ๐Ÿ”— Network Monitoring
โ”‚   โ”‚   โ”œโ”€โ”€ threat-intel/page.js # ๐ŸŒ Threat Intelligence
โ”‚   โ”‚   โ”œโ”€โ”€ vulnerabilities/page.js # ๐Ÿ› Vulnerability Mgmt
โ”‚   โ”‚   โ”œโ”€โ”€ audit-logs/page.js # ๐Ÿ” Audit Logs
โ”‚   โ”‚   โ”œโ”€โ”€ notifications/page.js # ๐Ÿ”” Notifications
โ”‚   โ”‚   โ”œโ”€โ”€ reports/page.js   # ๐Ÿ“‘ Reports
โ”‚   โ”‚   โ”œโ”€โ”€ settings/page.js  # โš™๏ธ  System Settings
โ”‚   โ”‚   โ”œโ”€โ”€ layout.js         # Root layout (Bootstrap CSS)
โ”‚   โ”‚   โ””โ”€โ”€ globals.css       # Global CSS variables & styles
โ”‚   โ””โ”€โ”€ components/
โ”‚       โ””โ”€โ”€ layout/
โ”‚           โ””โ”€โ”€ DashboardLayout.js  # Sidebar + Top Nav
โ”œโ”€โ”€ .gitignore
โ”œโ”€โ”€ next.config.mjs
โ”œโ”€โ”€ package.json
โ””โ”€โ”€ README.md

๐Ÿ—๏ธ SIEM Architecture

Network Devices / Servers / Firewalls / Endpoints
                    โ”‚
                    โ–ผ
          Log Collection Agents
        (Winlogbeat / Filebeat)
                    โ”‚
                    โ–ผ
             Logstash Pipeline
                    โ”‚
                    โ–ผ
            Elasticsearch Index
                    โ”‚
                    โ–ผ
      SecureSOC Dashboard (Next.js)
                    โ”‚
     โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
     โ–ผ              โ–ผ              โ–ผ
 Alert Engine  Incident Mgmt   Reports
                    โ”‚
                    โ–ผ
           Security Analysts

๐Ÿ”’ Security Features

  • โœ… Role-Based Access Control (RBAC) with 6 permission levels
  • โœ… Audit logging for all platform actions
  • โœ… Session management & account lockout simulation
  • โœ… Input validation and XSS-safe rendering
  • โœ… CSRF-safe architecture (Next.js built-in)
  • ๐Ÿ”ฒ AES-256 encryption for sensitive stored data (planned)
  • ๐Ÿ”ฒ Multi-Factor Authentication (MFA) (planned)
  • ๐Ÿ”ฒ Rate limiting (planned)

๐Ÿ”ฎ Future Enhancements

  • AI-powered anomaly detection using machine learning
  • SOAR playbooks for automated incident response
  • MITRE ATT&CK framework mapping
  • VirusTotal, MISP, OpenCTI API integrations
  • Compliance dashboards (ISO 27001, NIST, PCI DSS)
  • Real-time WebSocket updates
  • Mobile-responsive PWA for analysts on the go
  • Cloud deployment (Vercel / AWS / Azure)
  • MySQL/PostgreSQL database backend
  • Full Wazuh, Suricata, ELK stack integration

๐Ÿ‘ค Author

Developed as a Final-Year Capstone Project
Network Engineering & Cybersecurity

This project simulates a real enterprise SOC environment demonstrating practical SIEM concepts including log aggregation, alert correlation, incident response workflows, and threat intelligence management.


๐Ÿ“„ License

This project is licensed under the MIT License โ€“ see the LICENSE file for details.


Made with โค๏ธ for Cybersecurity Education

โญ Star this repo if you found it useful! โญ

About

SecureSOC is a web-based Security Operations Center (SOC) dashboard that centralizes security monitoring, log management, threat detection, and incident response for enterprise networks.

Topics

Resources

License

Contributing

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors