crownshield-sec/soc-portfolio


# SOC Portfolio (Splunk • Wireshark • TheHive)

Hands-on SOC portfolio focused on alert triage, investigation workflows, incident documentation, log analysis, and security operations reporting. Projects are structured to reflect analyst-style investigations and SOC Level 1 operational workflows.

## Featured (Quick View)

- **Trojanized Productivity App Download — Alert Triage & Escalation**
  `projects/trojan-app-triage-01/README.md`
  *Analyst-style triage workflow including escalation summary, IOC tracking, and network investigation notes.*
- **Phishing Triage Mini-Report**
  `projects/phishing-triage-01/README.md`
  *Phishing investigation involving artifact analysis, indicator extraction, and containment documentation.*
- **SIEM Query Practice (Splunk) — Suspicious Authentication**
  `projects/splunk-detections-01/README.md`
  *SIEM-focused investigation using event correlation, SPL queries, and triage documentation workflows.*

## Focus Areas

- Alert triage, severity assessment, and escalation decision-making
- Log analysis and correlation (Splunk-style searching)
- Packet analysis and timeline development (Wireshark)
- Case documentation workflows (TheHive-style case notes)

## Projects (Casework)

1. **Phishing Triage Mini-Report**
   - Path: `projects/phishing-triage-01/README.md`
   - Focus: email artifact review, indicator extraction, and containment recommendations
2. **SIEM Query Practice (Splunk) — Suspicious Authentication**
   - Path: `projects/splunk-detections-01/README.md`
   - Focus: SPL-style searches, correlation logic, and triage-ready summaries
3. **Case Documentation (TheHive)**
   - Path: `projects/thehive-case-notes-01/README.md`
   - Focus: structured case notes, observables, tasking, and incident documentation workflow
4. **Trojanized Productivity App Download — Alert Triage & Escalation**
   - Path: `projects/trojan-app-triage-01/README.md`
   - Includes: triage note, escalation summary, IOC tracking, and Wireshark investigation notes

## Artifacts (Reusable Deliverables)

Planned or in progress under `artifacts/`:

- [Home Network Security Checklist (with screenshots)](artifacts/home-network-security-checklist/README.md)
- [Phishing Spotter Guide (realistic examples + triage flow)](artifacts/phishing-spotter-guide/README.md)
- [Incident Response One-Pager (small business “first 60 minutes”)](artifacts/incident-response-one-pager/README.md)

## Templates

Reusable SOC documentation templates are under `templates/`.

## Data Handling Note

All content is lab-based and sanitized. Identifiers (domains, IPs, usernames, hostnames, timestamps) are redacted or replaced with representative values. No proprietary or sensitive customer/employer data is included.
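## Example: Failed-then-Successful Logon Correlation (added illustration)

The kind of correlation logic the Splunk suspicious-authentication casework refers to, written out here as an added Python example; this is not code from this repository or from the casework itself. The log lines are constructed with RFC 5737 documentation addresses and placeholder usernames, and the field names (`user`, `src_ip`, `action`), the five-failures-in-five-minutes threshold and the severity heuristic are assumptions chosen for the illustration. It flags a source that accumulates at least `threshold` failed logons inside a sliding time window and then succeeds, expires failures that fall outside the window so an old, unrelated failure run does not inflate a later success, and records the distinct usernames tried so a spray-then-success from one address is escalated higher than a single account being brute-forced.

```python
"""Correlate failed logons followed by a success per source address.

Added illustration, not code from the portfolio repository. Field names,
thresholds and severity labels are assumptions made for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): RFC 5737 documentation
# addresses and placeholder usernames, timestamps in UTC.
SAMPLE_EVENTS = [
    "2024-01-01T10:00:01Z user=alice src_ip=203.0.113.10 action=failure",
    "2024-01-01T10:00:05Z user=alice src_ip=203.0.113.10 action=failure",
    "2024-01-01T10:00:09Z user=alice src_ip=203.0.113.10 action=failure",
    "2024-01-01T10:00:14Z user=alice src_ip=203.0.113.10 action=failure",
    "2024-01-01T10:00:20Z user=alice src_ip=203.0.113.10 action=failure",
    "2024-01-01T10:00:31Z user=alice src_ip=203.0.113.10 action=success",
    # single typo then success: benign, must not alert
    "2024-01-01T10:02:00Z user=bob src_ip=198.51.100.7 action=failure",
    "2024-01-01T10:02:40Z user=bob src_ip=198.51.100.7 action=success",
    # three failures, a 20-minute gap, then two failures and a success:
    # only the two in-window failures count, so no alert at threshold 5
    "2024-01-01T11:00:00Z user=carol src_ip=192.0.2.22 action=failure",
    "2024-01-01T11:00:10Z user=dave src_ip=192.0.2.22 action=failure",
    "2024-01-01T11:00:20Z user=erin src_ip=192.0.2.22 action=failure",
    "2024-01-01T11:20:00Z user=frank src_ip=192.0.2.22 action=failure",
    "2024-01-01T11:20:30Z user=grace src_ip=192.0.2.22 action=failure",
    "2024-01-01T11:21:00Z user=grace src_ip=192.0.2.22 action=success",
]


def parse_event(line):
    """Parse '<ISO8601Z> key=value ...' into a dict with a datetime 'ts'."""
    ts_str, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect_failures_then_success(lines, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per success preceded by >= threshold failures from
    the same src_ip inside the sliding window. Any non-failure event ends
    the current failure run for that source."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for event in events:
        by_src[event["src_ip"]].append(event)

    alerts = []
    for src_ip, src_events in by_src.items():
        recent = deque()  # failures still inside the window, oldest first
        for event in src_events:
            while recent and event["ts"] - recent[0]["ts"] > window:
                recent.popleft()  # expire failures older than the window
            if event["action"] == "failure":
                recent.append(event)
                continue
            if event["action"] == "success" and len(recent) >= threshold:
                targeted = sorted({f["user"] for f in recent})
                alerts.append({
                    "src_ip": src_ip,
                    "user": event["user"],
                    "failures": len(recent),
                    "targeted_users": targeted,
                    "first_failure": recent[0]["ts"].isoformat(),
                    "success_at": event["ts"].isoformat(),
                    # assumed triage heuristic: several accounts tried from
                    # one source looks like a spray and is escalated higher
                    "severity": "high" if len(targeted) > 1 else "medium",
                })
            recent.clear()  # success (or any non-failure) ends the run
    return alerts


def triage_summary(alert):
    """One-line, triage-ready summary in the style of a case note."""
    return (f"[{alert['severity'].upper()}] {alert['src_ip']} succeeded as "
            f"{alert['user']} at {alert['success_at']} after {alert['failures']} "
            f"failures since {alert['first_failure']} "
            f"(users tried: {', '.join(alert['targeted_users'])})")


if __name__ == "__main__":
    for alert in detect_failures_then_success(SAMPLE_EVENTS):
        print(triage_summary(alert))
```

Run as a script it prints a single medium-severity line for 203.0.113.10; the 192.0.2.22 run stays quiet at the default threshold because the window expires its first three failures, which is the behaviour a windowed SPL search (for instance `streamstats` with a `time_window` grouped by `src_ip`) gives and that an unwindowed `stats count by src_ip` does not.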