I designed and deployed a foundational Security Operations Center (SOC) lab environment in Microsoft Azure to gain hands-on experience with security configurations, threat detection, and log data analysis. As part of the lab, I implemented a honeypot on a Windows 10 virtual machine to simulate malicious activity and generate relevant telemetry. I integrated Azure Log Analytics and developed a custom workbook to visualize and analyze the collected data, including tracking failed login attempts, mapping geolocated threat sources, and aligning findings with the MITRE ATT&CK framework for adversarial behavior analysis.
- Cloud Security Configuration – Set up and secured resources within Microsoft Azure, including virtual networks, virtual machines, and access controls.
- Threat Detection and Simulation – Deployed a honeypot to simulate attacker behavior and capture suspicious activity such as brute-force login attempts.
- Log Management and Analysis – Collected and queried security event logs using Azure Log Analytics to identify patterns and anomalies.
- Data Visualization – Built custom workbooks in Azure Monitor to visualize failed login attempts, geolocation mapping, and threat insights.
- MITRE ATT&CK Framework Application – Mapped observed activities to MITRE ATT&CK tactics and techniques to better understand and classify adversary behavior.
- Network Monitoring and Telemetry Collection – Monitored inbound connections and network traffic to identify unauthorized access attempts and gather actionable security telemetry.

- Microsoft Azure – Cloud platform used to host the SOC environment, virtual machines, and networking components.
- Azure Log Analytics – Centralized log collection and analysis tool used to query and interpret security event data.
- Honeypot (Windows 10 VM) – Deceptive system deployed to attract and log unauthorized access attempts for analysis.
- Azure Workbooks – Visualization tool used to create interactive dashboards for monitoring failed logins, geolocation tracking, and threat patterns.
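As an added illustration of the failed-login analysis, geolocation mapping and MITRE ATT&CK tagging described above (example query written for this write-up, not a query taken from the lab itself), the following Log Analytics KQL flags source IPs that repeatedly fail to log on to the honeypot. It assumes the VM's Windows Security log is ingested into the `SecurityEvent` table; the `GeoLookup` datatable is a constructed stand-in for whatever geolocation source the workbook actually uses.

```kql
// Added example: brute-force detection over the honeypot's SecurityEvent table.
// Assumes SecurityEvent ingestion; GeoLookup below is a constructed placeholder
// for a real geolocation lookup (watchlist, custom log, or external data).
let lookback = 24h;
let threshold = 10;                       // failed logons per source IP before flagging
let GeoLookup = datatable(IpAddress:string, Country:string, City:string, Latitude:real, Longitude:real)
[
    "203.0.113.10", "Example-Land", "Example City", 0.0, 0.0   // constructed TEST-NET-3 address
];
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4625                   // Windows "An account failed to log on"
| where IpAddress !in ("-", "")           // drop console/local failures with no source IP
| summarize
    FailedAttempts   = count(),
    DistinctAccounts = dcount(Account),
    FirstSeen        = min(TimeGenerated),
    LastSeen         = max(TimeGenerated),
    AccountsTried    = make_set(Account, 20)
    by IpAddress, Computer
| where FailedAttempts >= threshold
| lookup kind=leftouter GeoLookup on IpAddress      // enrich with geolocation for the map panel
| extend
    Tactic    = "Credential Access",                // MITRE ATT&CK tactic for the workbook
    Technique = iff(DistinctAccounts > 1,
                    "T1110.003 Password Spraying",  // many accounts from one source
                    "T1110.001 Password Guessing")  // one account hammered from one source
| project IpAddress, Computer, Country, City, Latitude, Longitude,
          FailedAttempts, DistinctAccounts, AccountsTried, FirstSeen, LastSeen, Tactic, Technique
| order by FailedAttempts desc
```

The `Latitude`/`Longitude` columns feed a workbook map visualization directly, and the `Technique` column can drive a grouped bar or grid panel for the ATT&CK view.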