This project outlines the process of building a SOC home lab. It covers installing and configuring virtual machines (VMs), building the network between them, and setting up Splunk and Sysmon to ingest telemetry. The home lab is the foundation on which the other documented projects will be built and run.
- Setting up and configuring virtual machines using VMware or VirtualBox.
- Configuring networking between multiple VMs to simulate real-world environments.
- Setting up Splunk and Sysmon for security event correlation.
- Understanding and applying cybersecurity attack techniques in a controlled environment.
- VMware/VirtualBox: For creating and managing virtual machines.
- Windows 10, Kali Linux, Ubuntu: Operating systems used for attack and defense.
- Splunk: For centralized log management and analysis.
- Sysmon: For monitoring and generating detailed system telemetry.
Set up three virtual machines: Kali Linux, Ubuntu, and Windows 10.
Each machine starts on the default NAT network. They are then switched to the Internal Network (the equivalent in VMware Workstation is a LAN segment) and assigned static IPs so the host is not put at risk during malware analysis and threat hunting: an internal network has no path to the host adapter or to the internet, so traffic stays between the VMs, and because it has no DHCP server unless one is added, the VMs need static addresses to reach each other.
Assigned a static IP to the Windows VM.
Assigned a static IP to the Kali VM.
Pinged the Kali VM from the Windows VM to confirm connectivity.
Set up the Splunk Enterprise environment to ingest logs from the Windows VM.
Splunk displays the logs from the Windows VM as expected.
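The Windows side of the static-IP step and the connectivity check, written as an added example rather than the project's own commands. It assumes the VM's adapter is named "Ethernet", that the lab subnet is 192.168.20.0/24 with Windows at .10 and Kali at .20, and that it is run from an elevated PowerShell prompt; none of those values come from the page.

```powershell
# Added example (not from the original project): give the Windows VM a static
# address on the isolated Internal Network and confirm it can reach Kali.
# Assumptions: adapter "Ethernet", subnet 192.168.20.0/24, Windows .10, Kali .20.
# Run from an elevated PowerShell prompt.

$AdapterName = "Ethernet"       # assumption: confirm with Get-NetAdapter
$WindowsIP   = "192.168.20.10"  # assumption
$KaliIP      = "192.168.20.20"  # assumption
$Prefix      = 24

# Drop the DHCP lease that NAT handed out and disable DHCP on the interface.
Set-NetIPInterface -InterfaceAlias $AdapterName -AddressFamily IPv4 -Dhcp Disabled
Remove-NetIPAddress -InterfaceAlias $AdapterName -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute -InterfaceAlias $AdapterName -DestinationPrefix "0.0.0.0/0" -Confirm:$false -ErrorAction SilentlyContinue

# No -DefaultGateway on purpose: an Internal Network has no router, no path to the
# host and no path to the internet, which is exactly the isolation the lab relies on.
New-NetIPAddress -InterfaceAlias $AdapterName -IPAddress $WindowsIP -PrefixLength $Prefix | Out-Null

# Windows drops inbound ICMPv4 echo requests on its default firewall profile, so
# Kali -> Windows pings fail until this built-in rule is enabled. Windows -> Kali
# works regardless, because Kali answers echo requests by default.
Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)"

# Show what was set, then ping Kali. Test-NetConnection without -Port sends an ICMP
# echo; -InformationLevel Quiet makes it return only $true or $false.
Get-NetIPAddress -InterfaceAlias $AdapterName -AddressFamily IPv4 | Select-Object IPAddress, PrefixLength
if (Test-NetConnection -ComputerName $KaliIP -InformationLevel Quiet) {
    Write-Host "Connectivity to Kali ($KaliIP) confirmed"
} else {
    Write-Warning "Cannot reach $KaliIP: check that both VMs are attached to the same Internal Network name and that Kali's static IP is set"
}
```

The Kali side is the mirror image (a static address in the same /24 with no gateway, set with nmcli or in /etc/network/interfaces). If the ping fails, the most common cause is the two VMs being attached to internal networks with different names, which are separate segments even though both are "internal".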
Used the following config file to set up Sysmon.
Installed Sysmon using PowerShell on the Windows VM with the Sysmon config above.
Confirmed Sysmon was successfully installed.
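The install, verification and Splunk-ingestion steps above, as an added example that is not the project's own script. It assumes Sysmon64.exe and the config file were copied into C:\Tools\Sysmon ahead of time (the VM sits on an isolated network and cannot download them), that the config is saved as sysmonconfig.xml, that a Splunk Universal Forwarder is installed in its default location and already pointed at the Splunk Enterprise VM, and that events go to the "main" index; all of these names and paths are assumptions.

```powershell
# Added example (not from the original project): install Sysmon with the config
# file, verify the install, and point the Splunk Universal Forwarder at the Sysmon
# channel. Assumptions: files in C:\Tools\Sysmon, config named sysmonconfig.xml,
# UF in its default path, index "main". Run from an elevated PowerShell prompt.

$SysmonDir  = "C:\Tools\Sysmon"                        # assumption
$SysmonExe  = Join-Path $SysmonDir "Sysmon64.exe"
$ConfigPath = Join-Path $SysmonDir "sysmonconfig.xml"  # assumption
$SysmonLog  = "Microsoft-Windows-Sysmon/Operational"

foreach ($f in $SysmonExe, $ConfigPath) {
    if (-not (Test-Path $f)) { throw "Missing $f" }
}

# -i installs the service and driver with the given config; -accepteula skips the
# license dialog. If Sysmon is already present, -c loads a new config in place.
if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
    & $SysmonExe -accepteula -c $ConfigPath
} else {
    & $SysmonExe -accepteula -i $ConfigPath
}

# Verification: the user-mode service, the kernel driver and the event channel
# must all be present. A missing driver means no telemetry even if the service runs.
$Checks = [ordered]@{
    "Sysmon64 service running" = (Get-Service -Name Sysmon64  -ErrorAction SilentlyContinue).Status -eq "Running"
    "SysmonDrv driver running" = (Get-Service -Name SysmonDrv -ErrorAction SilentlyContinue).Status -eq "Running"
    "Event channel enabled"    = (Get-WinEvent -ListLog $SysmonLog -ErrorAction SilentlyContinue).IsEnabled -eq $true
}
$Checks.GetEnumerator() | ForEach-Object { "{0,-26} {1}" -f $_.Key, $_.Value }

# Sysmon's own view of the loaded configuration (schema version, rule hash,
# which event types are enabled). Confirms the right config file was applied.
& $SysmonExe -c

# Newest events. Event ID 1 (process create) appears within seconds on any host,
# so an empty result here means the config is filtering everything out.
Get-WinEvent -LogName $SysmonLog -MaxEvents 5 |
    Select-Object TimeCreated, Id, @{ n = "Summary"; e = { ($_.Message -split "`n")[0] } }

# Universal Forwarder input for the Sysmon channel. renderXml keeps the full event
# structure, which Splunk's Sysmon field extractions expect.
$UFHome = "C:\Program Files\SplunkUniversalForwarder"   # assumption: default install path
$Inputs = Join-Path $UFHome "etc\system\local\inputs.conf"
$Stanza = @"

[WinEventLog://$SysmonLog]
disabled = 0
renderXml = true
index = main
"@
if (-not (Select-String -Path $Inputs -Pattern "Sysmon/Operational" -Quiet -ErrorAction SilentlyContinue)) {
    Add-Content -Path $Inputs -Value $Stanza -Encoding ASCII
}
Restart-Service -Name SplunkForwarder
```

After the forwarder restarts, a search such as `index=main source="*Sysmon/Operational*"` on the Splunk Enterprise VM should return events within a minute; if it does not, check the forwarder's outputs.conf and that the Splunk VM's receiving port is reachable over the Internal Network.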