# Blue Team SOC-Capstone-Packet Patrol

Group Capstone project repository for Security Operations Center (SOC) implementation.
Team Members and Roles:
- Quatecha Cleveland-Webb: Team Leader
- Margaret Edwards: Project Manager
- Ivan Castillo: Technical Documentation
Welcome to the SOC-Capstone-Team1 GitHub repository! This project aims to design, deploy, and configure a scalable, automated Security Operations Center (SOC) on AWS. Our goal is to centralize security monitoring, incident detection, and response capabilities for Security Operations Professionals, IT Security Teams, and Security Analysts.

Our target audience includes:
- Security Operations Professionals
- IT Security Teams
- Security Analysts

Resources:
- Cloud Security Architecture: An Introduction (2024) Full course
- Security Operations Center (SOC) Coursera
- Learn how to Streamline and Enrich your SOC Workflow with Modern SIEM
- Control access to platform using SOC roles, environments, and permission groups
- SOCs: Security Operation Centers Explained
- Building a Virtual Security Home Lab: Part 1 - Network Topology
- The Five Step SOC Analyst Method
## Sprint 1: Project Planning & Requirements Gathering
- GitHub Projects for team collaboration
- Tools Being Used
  - Wireshark
  - Wazuh
  - Snort
  - pfSense
  - AWS
    - EC2
    - IAM
    - VPC
  - GitHub Projects
## Sprint 2: Secure Cloud Infrastructure & Access Control
- Tools Being Used
  - AWS Identity and Access Management (IAM)
  - Multi-factor Authentication (MFA)
  - AWS Virtual Private Cloud (VPC)
  - AWS Security Groups
  - AWS NACLs
  - AWS Route Tables
  - AWS CloudTrail
## Sprint 3: Data Collection & Aggregation
- Tools Being Used
  - AWS EC2 Instance
  - Wazuh
  - Metasploitable
  - PuTTY
## Sprint 4: Security & Alert Correlation
- Tools Being Used
  - Security Orchestration, Automation and Response (SOAR) tool
  - Shuffle webhook
  - Incident Response Playbooks
  - SIEM Solution
  - Correlation Rules and Threat Detection
  - Amazon S3 Bucket
## Sprint 5: Final Deliverables of Cloud-based Security Operations Center
Includes:
- Network Topology
- Secure Cloud Infrastructure & Access Control
- TheHive Installation
- Shuffle Installation
- 1750-word APA Paper
- IAM
- VPC
- Billing and Cost Management
- CloudTrail
- EBS
- S3
- Kali
- Metasploit
- Wazuh Manager
The following file is meant to assist in the maintenance and troubleshooting of the project's components:
maintenance
While following this guide, replace the placeholder IPv4 address 203.0.113.5 with the public or private IP of your own instance. 203.0.113.5 is a documentation-only address reserved for examples and does not belong to any real host.

Commands, output, and code in this documentation are often preceded by a `$`, which stands in for the terminal prompt. When copying these commands, do not include the `$`; pasting it along with the command will usually produce an error.