A centralized, web-based SOC platform for real-time threat monitoring, incident response, and security analytics.
- Overview
- Features
- Modules
- Tech Stack
- Getting Started
- Project Structure
- Screenshots
- SIEM Architecture
- Security Features
- Future Enhancements
- License
SecureSOC is a capstone project simulating a real-world Security Information and Event Management (SIEM) platform. It enables organizations to:
- Collect logs from firewalls, servers, endpoints, and web applications.
- Detect suspicious activities and cyber threats in real time.
- Investigate incidents through structured, multi-phase workflows.
- Respond efficiently with centralized case management and analyst collaboration.
- Report on security posture through automated, scheduled reports.
โ ๏ธ This project uses mock/simulated data to demonstrate the SOC platform UI and workflows. Integration points for live SIEM tools (Wazuh, Suricata, Elasticsearch) are clearly marked in the Settings module.
| Feature | Description |
|---|---|
| ๐ Authentication | Login page with demo RBAC roles (Super Admin, Analyst, Viewer) |
| ๐ Live Dashboard | Real-time KPI widgets, Chart.js visualizations, alert feeds |
| ๐จ Alert Management | Searchable alert stream with severity, status, and assignment |
| ๐ฅ Incident Response | 6-phase workflow: New โ Investigation โ Containment โ Eradication โ Recovery โ Closed |
| ๐ Case Management | Alert-to-case promotion, evidence tracking, analyst notes, timeline |
| ๐ Threat Intelligence | IOC registry (IPs, domains, hashes, URLs), confidence scoring, feed sync |
| ๐ฅ๏ธ Network Monitoring | Live traffic charts, top talkers, protocol distribution, active connections |
| ๐ Log Management | Centralized log stream from 10 source types with filtering and search |
| ๐ท๏ธ Asset Inventory | Full asset registry with health status, OS, department, and scan dates |
| ๐ Vulnerability Management | CVE tracking, CVSS scoring, risk ratings, patch status |
| ๐ Reports | Executive, compliance, incident and vulnerability report templates |
| ๐ Audit Logs | Immutable record of all user actions with role and IP tracking |
| ๐ Notifications | In-app feed with multi-channel indicators (Email, SMS, In-App) |
| โ๏ธ System Settings | Organization config, SIEM integration endpoints, security policies |
- Secure login form with show/hide password
- Role-Based Access Control (RBAC) โ 6 predefined roles
- Demo credentials panel for testing
- Session management & MFA indicator
Widgets: Total Events, Active Alerts, Critical Incidents, Assets Online
Charts: Network Traffic (Line), Alert Severity (Doughnut), Top Attacks (Bar)
Table: Real-time critical alerts feed
Tracks: Servers, Routers, Switches, Firewalls, Workstations, Laptops, VMs, IoT
Fields: Name, IP, MAC, OS, Department, Status, Last Scan
Sources: Windows Event Logs, Linux Syslog, Firewall, IDS/IPS, VPN, DNS, DHCP, Web Server, Auth, DB
Functions: Search, filter by type & severity, real-time stream
Levels: Critical, High, Medium, Low, Informational
Features: Search, filter, assign, escalate, close
Workflow phases visualized with Kanban-style tracker
Fields: ID, Type, Severity, Status, Analyst, Timeline
IOC types: IPs, Domains, URLs, File Hashes, Emails, Malware Families
Features: IOC search, confidence scoring, threat feed integration panel
Views: 24h traffic chart, protocol pie chart, top talkers bar chart, active connections table
Fields: CVE ID, CVSS Score (with visual bar), Risk Rating, Affected Asset, Patch Status
Features: Create case from alert, assign analyst, evidence count, notes, case timeline panel
Templates: Executive, Compliance (ISO 27001), Vulnerability, Incident, Audit
Actions: Download PDF, filter by date range and type
Tracks: Login, Logout, Password Change, Alert Assignment, Incident Update, User Creation, Asset Modification, Report Generation
Channels: In-App, Email, SMS
Events: New Alert, Critical Incident, Failed Login, Device Offline, High CPU
Actions: Mark as read, dismiss, channel preferences
| Layer | Technology | Version |
|---|---|---|
| Framework | Next.js (App Router) | 16.2 |
| UI Components | Bootstrap | 5.x |
| Charts | Chart.js + react-chartjs-2 | 4.x |
| Icons | Lucide React | Latest |
| Language | JavaScript (ES2022) | - |
| Styling | Vanilla CSS with CSS Variables | - |
| Package Manager | npm | 11.x |
- Wazuh โ Host-based Intrusion Detection System (HIDS)
- Suricata โ Network Intrusion Detection System (NIDS)
- Elasticsearch โ Log indexing and search
- Logstash โ Log pipeline and parsing
- Kibana โ Log visualization
- Filebeat / Winlogbeat โ Log shipping agents
- Node.js v18 or higher โ Download
- npm v9 or higher (comes with Node.js)
# 1. Clone the repository
git clone https://github.com/YOUR_USERNAME/SecureSOC.git
# 2. Navigate into the project directory
cd SecureSOC
# 3. Install dependencies
npm install
# 4. Start the development server
npm run devOpen http://localhost:3000 in your browser.
| Role | Password | |
|---|---|---|
| Super Administrator | admin@securesoc.com |
password |
| Security Analyst | analyst@securesoc.com |
password |
| Viewer | viewer@securesoc.com |
password |
SecureSOC/
โโโ public/ # Static assets
โโโ src/
โ โโโ app/ # Next.js App Router pages
โ โ โโโ page.js # ๐ Dashboard
โ โ โโโ login/page.js # ๐ Authentication
โ โ โโโ alerts/page.js # ๐จ Alert Management
โ โ โโโ incidents/page.js # ๐ฅ Incident Response
โ โ โโโ cases/page.js # ๐ Case Management
โ โ โโโ assets/page.js # ๐ฅ๏ธ Asset Inventory
โ โ โโโ logs/page.js # ๐ Log Management
โ โ โโโ network/page.js # ๐ Network Monitoring
โ โ โโโ threat-intel/page.js # ๐ Threat Intelligence
โ โ โโโ vulnerabilities/page.js # ๐ Vulnerability Mgmt
โ โ โโโ audit-logs/page.js # ๐ Audit Logs
โ โ โโโ notifications/page.js # ๐ Notifications
โ โ โโโ reports/page.js # ๐ Reports
โ โ โโโ settings/page.js # โ๏ธ System Settings
โ โ โโโ layout.js # Root layout (Bootstrap CSS)
โ โ โโโ globals.css # Global CSS variables & styles
โ โโโ components/
โ โโโ layout/
โ โโโ DashboardLayout.js # Sidebar + Top Nav
โโโ .gitignore
โโโ next.config.mjs
โโโ package.json
โโโ README.md
Network Devices / Servers / Firewalls / Endpoints
โ
โผ
Log Collection Agents
(Winlogbeat / Filebeat)
โ
โผ
Logstash Pipeline
โ
โผ
Elasticsearch Index
โ
โผ
SecureSOC Dashboard (Next.js)
โ
โโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโ
โผ โผ โผ
Alert Engine Incident Mgmt Reports
โ
โผ
Security Analysts
- โ Role-Based Access Control (RBAC) with 6 permission levels
- โ Audit logging for all platform actions
- โ Session management & account lockout simulation
- โ Input validation and XSS-safe rendering
- โ CSRF-safe architecture (Next.js built-in)
- ๐ฒ AES-256 encryption for sensitive stored data (planned)
- ๐ฒ Multi-Factor Authentication (MFA) (planned)
- ๐ฒ Rate limiting (planned)
- AI-powered anomaly detection using machine learning
- SOAR playbooks for automated incident response
- MITRE ATT&CK framework mapping
- VirusTotal, MISP, OpenCTI API integrations
- Compliance dashboards (ISO 27001, NIST, PCI DSS)
- Real-time WebSocket updates
- Mobile-responsive PWA for analysts on the go
- Cloud deployment (Vercel / AWS / Azure)
- MySQL/PostgreSQL database backend
- Full Wazuh, Suricata, ELK stack integration
Developed as a Final-Year Capstone Project
Network Engineering & Cybersecurity
This project simulates a real enterprise SOC environment demonstrating practical SIEM concepts including log aggregation, alert correlation, incident response workflows, and threat intelligence management.
This project is licensed under the MIT License โ see the LICENSE file for details.
Made with โค๏ธ for Cybersecurity Education
โญ Star this repo if you found it useful! โญ