SOC Home Lab Update—Hands-On Security Operations!

I’ve been making steady progress on my Security Operations Center (SOC) home lab, implementing key security components to enhance threat detection and log analysis. Here’s what I’ve set up so far:

  • SIEM with Wazuh: Deployed Wazuh on my Ubuntu server for real-time log collection, security monitoring, and threat detection.
  • Install Wazuh (manager only; the indexer and dashboard are separate packages, or use the wazuh-install.sh all-in-one script from the Wazuh docs):
    # Import the Wazuh signing key into a dedicated keyring; apt-key is deprecated on current Ubuntu releases
    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
    sudo chmod 644 /usr/share/keyrings/wazuh.gpg
    # Add the 4.x repository, pinned to that key so nothing else can sign packages for it
    echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
    sudo apt update
    sudo apt install wazuh-manager
    sudo systemctl daemon-reload
    sudo systemctl enable wazuh-manager
    sudo systemctl start wazuh-manager
    # Confirm the manager is up before pointing agents or syslog senders at it
    sudo systemctl status wazuh-manager
    

  • Network Security with pfSense: Configured pfSense as my firewall, managing network traffic and securing my lab environment.

  • Basic pfSense setup:
    Access the pfSense web interface (default LAN IP: 192.168.1.1) and change the default admin password on first login.
    Configure the LAN/WAN interfaces and firewall rules via the GUI: keep the default deny on WAN and allow only the traffic the lab needs on LAN.
    Under Status > System Logs > Settings, enable remote logging to the Wazuh server so firewall (filterlog) events land in the SIEM alongside host logs.
    
    • Log Management & Visibility: Integrated Syslog with Wazuh to centralize logs from different devices, improving visibility into system events.
    • Syslog configuration (on each host that should forward its logs):
      sudo nano /etc/rsyslog.conf
      # Add the following line to forward every facility and priority to Wazuh.
      # A single @ sends over UDP (fire-and-forget, may drop under load); @@ uses TCP instead.
      *.* @<WAZUH_SERVER_IP>:514
      sudo systemctl restart rsyslog
      
      The Wazuh manager does not accept syslog by default: enable a syslog listener in the <remote> section of /var/ossec/etc/ossec.conf on the server, list the sending hosts in its allowed-ips setting, and make sure pfSense permits 514/udp (or tcp) from those hosts to the manager. Nothing here is encrypted, so keep the forwarding path inside the lab network or use the Wazuh agent instead.
      
      • Threat Simulation & Detection: Using Kali Linux to simulate attacks and fine-tune detection rules within Wazuh and pfSense, strengthening my incident response capabilities.
      • Example Nmap scan for simulation (from the Kali VM, only against hosts in your own lab):
        # -sV probes service versions, -sC runs the default NSE scripts, -O fingerprints the OS (needs root)
        sudo nmap -sV -sC -O <TARGET_IP>
        # Expect a burst of blocked/passed connections in the pfSense filter log and sshd
        # "Did not receive identification string" entries on the target; those are what the rules should catch.
        

      • Automation & Scripting: Experimenting with Bash & Python scripts to automate log parsing, security alerts, and monitoring workflows.

      • Example Bash script for log parsing:
        #!/bin/bash
        # Pull error lines out of the system log into a report file.
        set -euo pipefail
        LOG_FILE="/var/log/syslog"      # needs sudo or membership in the adm group to read
        OUTPUT_FILE="parsed_logs.txt"
        # -i matches ERROR/error/Error; quoted variables survive paths with spaces.
        # grep exits 1 when nothing matches, which would abort the script under set -e, hence the || true.
        grep -i "error" "$LOG_FILE" > "$OUTPUT_FILE" || true
        echo "Logs parsed and saved to $OUTPUT_FILE ($(wc -l < "$OUTPUT_FILE") lines)"
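
      The following is an added example, not code from the original post: a Python detector for the Nmap-style scan described under Threat Simulation & Detection, run over pfSense firewall log lines of the kind the Automation & Scripting section wants to parse. The sample lines are constructed, not captured; they follow the CSV layout pfSense's filterlog writes to syslog (rule number, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then the IPv4 and TCP/UDP fields), but the hostnames, addresses, interface name and tracker value are placeholders. The 60-second window and 10-port threshold are assumptions to tune against your own scans.

```python
import csv
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog header followed by the filterlog CSV record.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ filterlog\[\d+\]: (?P<rec>.*)$"
)
# 0-based field positions in the filterlog record (pfSense log-format documentation).
ACTION, IPVER, PROTO, SRC, DST, SPORT, DPORT = 6, 8, 16, 18, 19, 20, 21


def _line(ts, action, proto_id, proto, src, sport, dport):
    """Build one CONSTRUCTED filterlog line (IPv4, destination 192.168.1.10). Not a real capture."""
    return (f"{ts} pfSense filterlog[56012]: 5,,,1000000103,em1,match,{action},in,4,0x0,,64,0,0,DF,"
            f"{proto_id},{proto},60,{src},192.168.1.10,{sport},{dport},0,S")


# 192.168.1.50 plays the Kali host probing 12 ports in 12 seconds; 192.168.1.20 is a normal client.
SCANNED_PORTS = [21, 22, 23, 25, 80, 110, 139, 143, 443, 445, 3306, 3389]
SAMPLE_LINES = (
    [_line("Jul  5 12:00:01", "pass", 6, "tcp", "192.168.1.20", 50122, 443)]
    + [_line(f"Jul  5 12:00:{sec:02d}", "block", 6, "tcp", "192.168.1.50", 44321, port)
       for sec, port in enumerate(SCANNED_PORTS, start=2)]
    + [_line("Jul  5 12:00:30", "pass", 6, "tcp", "192.168.1.20", 50123, 22),
       _line("Jul  5 12:05:00", "block", 17, "udp", "192.168.1.50", 44322, 161),
       "Jul  5 12:05:01 pfSense sshguard[123]: not a filterlog line, must be ignored"]
)


def parse_filterlog(line, year=2025):
    """Return a dict for an IPv4 TCP/UDP filterlog line, or None for anything else.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2025 here).
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = next(csv.reader([m.group("rec")]))
    if len(fields) <= DPORT or fields[IPVER] != "4" or fields[PROTO] not in ("tcp", "udp"):
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "action": fields[ACTION], "proto": fields[PROTO],
            "src": fields[SRC], "dst": fields[DST], "dport": int(fields[DPORT])}


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Flag each source that has >= threshold distinct blocked destination ports inside `window`."""
    blocked = defaultdict(list)  # src -> [(timestamp, dport), ...]
    for line in lines:
        rec = parse_filterlog(line)
        if rec and rec["action"] == "block":
            blocked[rec["src"]].append((rec["ts"], rec["dport"]))

    alerts = []
    for src, hits in blocked.items():
        hits.sort()
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:   # slide the window forward
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= threshold:
                # Extend to the end of the window so the alert lists every port probed in it.
                last = end
                while last + 1 < len(hits) and hits[last + 1][0] - hits[start][0] <= window:
                    last += 1
                alerts.append({"src": src, "first_seen": hits[start][0], "last_seen": hits[last][0],
                               "ports": sorted({p for _, p in hits[start:last + 1]})})
                break  # one alert per source is enough for a first pass
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_LINES):
        print(f"ALERT possible port scan from {a['src']}: {len(a['ports'])} blocked ports "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}: {a['ports']}")
```

      Run it as-is to see the alert for the constructed scan, or replace SAMPLE_LINES with lines read from the rsyslog file that receives pfSense's remote logs. The single UDP probe to port 161 five minutes later stays below the threshold on its own, which is the point of the sliding window: a real scan is dense in time, while scattered blocks from the internet are normal background noise.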
        

      What Undercode Say

      Building a SOC home lab is an excellent way to gain hands-on experience in cybersecurity. By integrating tools like Wazuh and pfSense, you can simulate real-world scenarios and enhance your threat detection and response skills. Here are some additional commands and tips to further optimize your setup:

      • Linux Security Commands:
      • Check listening ports and the processes behind them (ss replaces the deprecated netstat on current distributions):
        sudo ss -tulnp
        
      • Monitor system logs (use journalctl -f on hosts that log only to the systemd journal):
        sudo tail -f /var/log/syslog
        
        
      • Harden SSH access:
        sudo nano /etc/ssh/sshd_config
        # Move SSH off port 22 and disable direct root login. Changing the port only cuts scanner noise;
        # it is not authentication hardening, so also use key-based logins and disable password authentication.
        Port 2222
        PermitRootLogin no
        # Validate the file before restarting, and keep this session open until a new login on 2222 succeeds
        sudo sshd -t && sudo systemctl restart sshd
        
        Update the pfSense rule that permits SSH to the new port, and on Ubuntu releases where sshd is socket-activated (check whether ssh.socket is active) restart the socket unit as well, or the old port stays bound.
        
        • Windows Security Commands (run from an elevated PowerShell prompt):
        • Check firewall status:
          netsh advfirewall show allprofiles
          
        • Enable Windows Defender real-time protection (may be blocked while Tamper Protection is on; toggle it in the Windows Security app first):
          Set-MpPreference -DisableRealtimeMonitoring $false
          
        • Monitor event logs (Get-EventLog exists only in Windows PowerShell 5.1; Get-WinEvent also works in PowerShell 7):
          Get-EventLog -LogName Security -Newest 10
          Get-WinEvent -LogName Security -MaxEvents 10
          
          

        • Automation with Python:

        • Example script to monitor log files (a minimal tail -f; reading /var/log/syslog needs root or the adm group):
          import os
          import time

          def monitor_log(file_path, interval=1.0):
              """Print each new line appended to file_path, polling every `interval` seconds."""
              with open(file_path, 'r') as file:
                  file.seek(0, os.SEEK_END)  # Go to the end of the file; only new lines are reported
                  while True:
                      line = file.readline()
                      if line:
                          print(line.strip())
                      else:
                          time.sleep(interval)  # Nothing new yet; wait before polling again

          if __name__ == '__main__':
              monitor_log('/var/log/syslog')
          

        For further reading, explore the official documentation of Wazuh and pfSense. These resources provide in-depth guides and best practices for setting up and managing your SOC lab. Keep experimenting, and you’ll soon master the art of securing digital spaces!
