Intelligent SOC Ecosystem

An Intelligent SOC Ecosystem for Monitoring, Detection, and Response to Cyber Attacks


Project Overview

Building a comprehensive SIEM solution for cybersecurity monitoring

Project Description

Deployed a Security Information and Event Management (SIEM) solution leveraging the Elastic Stack (ELK) to collect, process, analyze, and visualize cybersecurity events within a simulated environment. The project focused on monitoring logs from Windows and Linux systems, along with security devices like Suricata and pfSense, to detect, investigate, and respond to threats.

In Progress

Key Features

  • Real-time log monitoring
  • Threat detection & analysis
  • Data visualization
  • MITRE ATT&CK mapping
24/7 Monitoring
5+ Data Sources

Security Framework

MITRE ATT&CK
SSL/TLS Encryption
RBAC Authorization

Technologies & Tools

Cutting-edge technologies powering our SIEM solution

Elastic Stack (ELK)

Complete search and analytics platform

Elasticsearch, Logstash, Kibana, Beats

Network Security

pfSense, Suricata IDS/IPS, Nginx

Log Sources

Windows Events, Linux Syslogs, Web Server Logs

Query Languages

KQL, Query DSL, JSON

System Architecture

Comprehensive SIEM deployment architecture

SIEM Deployment Architecture

Data Collection Layer

Filebeat and Elastic Agents collect logs from Windows, Linux systems, and security devices

Processing Layer

Logstash pipelines parse, normalize, and enrich data using grok, mutate, and JSON filters

Analytics Layer

Elasticsearch stores and indexes data for fast search and complex analytics

Visualization Layer

Kibana provides dashboards, visualizations, and SIEM detection rules
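As an added illustration of the processing layer (example configuration written for this page, not the project's own pipeline), the following Logstash pipeline applies the json, grok, mutate, and date filters to Suricata eve.json and Linux syslog events shipped by Filebeat. The Beats tags, target field names, index pattern, certificate path, and the writer credentials are assumptions.

```logstash
# Assumes Filebeat tags eve.json lines "suricata" and syslog lines "syslog".
input {
  beats { port => 5044 }
}

filter {
  if "suricata" in [tags] {
    # eve.json is one JSON object per line: parse it into its own subtree
    json { source => "message" target => "suricata" }
    # normalize the fields that detection rules and dashboards key on
    mutate {
      rename => {
        "[suricata][src_ip]"     => "[source][ip]"
        "[suricata][src_port]"   => "[source][port]"
        "[suricata][dest_ip]"    => "[destination][ip]"
        "[suricata][dest_port]"  => "[destination][port]"
        "[suricata][event_type]" => "[event][dataset]"
      }
      convert => { "[source][port]" => "integer" "[destination][port]" => "integer" }
    }
    # alert events only: signature name and severity drive triage in Kibana
    if [suricata][alert] {
      mutate { rename => { "[suricata][alert][signature]" => "[rule][name]"
                           "[suricata][alert][severity]"  => "[event][severity]" } }
    }
    date { match => ["[suricata][timestamp]", "ISO8601"] }
  } else if "syslog" in [tags] {
    # classic syslog line, e.g. "Mar  7 10:15:01 host sshd[1234]: message"
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_ts} %{SYSLOGHOST:[host][name]} %{DATA:[process][name]}(?:\[%{POSINT:[process][pid]:int}\])?: %{GREEDYDATA:[event][original]}" }
      overwrite => ["[host][name]"]
    }
    date { match => ["syslog_ts", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"] }
    mutate { add_field => { "[event][dataset]" => "linux.syslog" } remove_field => ["syslog_ts"] }
  }
  # enrichment: geolocate the source address when one was extracted
  if [source][ip] { geoip { source => "[source][ip]" target => "[source][geo]" } }
}

output {
  elasticsearch {
    hosts => ["https://elasticsearch:9200"]
    ssl => true
    cacert => "/etc/logstash/certs/ca.crt"
    user => "logstash_writer"
    password => "${LOGSTASH_PW}"
    index => "logs-%{[event][dataset]}-%{+YYYY.MM.dd}"
  }
}
```

Events that fail the grok pattern keep the `_grokparsefailure` tag, which is worth a Kibana visualization of its own so parser drift does not silently blind a detection rule.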

Project Team

Meet the developers behind this SIEM solution

Lai Quan Thien


SOC Analyst

Specialized in SIEM, SOC operations, and advanced threat detection. Skilled in building centralized monitoring systems with ELK, Suricata, and security automation solutions.

Ho Diep Huy


SOC Analyst

Experienced in SOC workflows, SIEM systems, and threat detection techniques. Proficient in deploying ELK Stack, Suricata IDS/IPS, and creating automated security solutions.