GitHub: yazz-Sh/hanicar-soc-incident-response-platform
# Hanicar — AI-Assisted SOC & Incident Response Case Study
Hanicar is an academic cybersecurity project developed by a team of 6 students, focused on SOC automation, incident response, threat intelligence enrichment and AI-assisted security analysis.
The project simulates a banking-oriented SOC environment where security alerts can be collected, enriched, analyzed and transformed into actionable incident response recommendations.
## Project Context
This repository is a sanitized case study of the Hanicar project.
Due to the group nature of the project and the absence of public screenshots or shareable source code, this repository focuses on documenting the architecture, use cases, workflows and personal contributions without exposing sensitive data, private configurations or internal implementation details.
## Main Objectives
- Simulate a SOC-oriented cybersecurity environment
- Centralize security alerts and incident information
- Enrich alerts with threat intelligence context
- Support incident triage and prioritization
- Automate parts of the incident response workflow
- Provide AI-assisted recommendations for analysts
## Key Use Cases
- Suspicious activity detection
- PowerShell activity monitoring
- Authentication failure analysis
- Privilege escalation investigation
- Threat intelligence enrichment
- Ransomware response workflow
- AI-assisted incident recommendation
## Technical Scope
The project was designed around the following cybersecurity concepts:
- SIEM-based alert analysis
- SOC automation
- Incident response workflows
- Threat intelligence enrichment
- MITRE ATT&CK mapping
- Security dashboarding
- AI-assisted analysis and recommendation
## My Contributions
My contributions focused on:
- Defining SOC detection and incident response use cases
- Structuring the incident analysis workflow
- Working on alert enrichment and response logic
- Participating in the design of the SOC-oriented architecture
- Documenting technical decisions and security scenarios
## Repository Structure
```text
hanicar-soc-incident-response-case-study/
├── README.md
├── docs/
│   ├── architecture-overview.md
│   ├── use-cases.md
│   ├── my-contributions.md
│   ├── mitre-attack-mapping.md
│   └── lessons-learned.md
├── reports/
│   └── sample-incident-report.md
└── diagrams/
    └── architecture-placeholder.md
```