My Cybersecurity Projects

This diagram shows the complete architecture of my SOC Home Lab setup, including Identity Provider (IDP), VPN connectivity, and a Virtual Private Network containing various security tools like Wazuh, IRIS, Graylog, and different operating systems (Ubuntu, Windows Server, etc.) - all configured to detect and analyze potential security threats.
Wazuh
Authentik
Netbird
IRIS
Graylog
Windows/Linux
A comprehensive Security Operations Center (SOC) lab environment designed to emulate a real-world SOC with a focus on cybersecurity monitoring, threat detection, and incident response capabilities.
Components
- Authentik (IDP) - Identity Provider for authentication and access control
- Netbird (VPN) - Secure, encrypted remote access to the lab environment
- Wazuh - Functions as both EDR and SIEM for threat detection
- IRIS - Threat intelligence platform for security insights
- Graylog - Log management and analysis system
- SOCfortress Copilot - Automates SOC workflow and alert triage
Implementation
This project was implemented with multiple virtual machines that handle different security functions, including:
- A secure VPN infrastructure with Netbird for remote access
- Identity management through Authentik for role-based access control
- Comprehensive monitoring with Wazuh agents on all endpoints
- Centralized log analysis with Graylog
- Threat intelligence integration with IRIS