franlibautistagg-boop/soc-incident-response-lab

GitHub: franlibautistagg-boop/soc-incident-response-lab

Stars: 0 | Forks: 0

# SOC Incident Response Lab

## Objective

This project documents a hands-on Security Operations Center (SOC) lab focused on detecting, investigating, and reporting suspicious authentication activity using a SIEM environment. The main goal is to simulate a realistic security alert, analyze the evidence, map the activity to MITRE ATT&CK, and produce a professional incident report.

## Scenario

A system receives multiple failed login attempts from a suspicious source. The activity is investigated as a possible brute-force attack. The investigation includes log analysis, alert review, severity classification, and recommended response actions.

## Tools Used

- Wazuh
- Windows/Linux endpoint
- Sysmon / system logs
- Wireshark
- Nmap
- MITRE ATT&CK
- Markdown documentation

## Skills Demonstrated

- SIEM monitoring
- Log analysis
- Alert triage
- Incident investigation
- Network security fundamentals
- MITRE ATT&CK mapping
- Technical reporting

## Project Status

In progress.
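The scenario above (repeated failed logins from one source, triaged as possible brute force and mapped to MITRE ATT&CK) is what a SIEM rule such as a Wazuh authentication-failure rule decides for you. The script below is an added example, not part of this repository, that shows the same detection and triage logic stand-alone: it parses Linux `sshd` authentication lines (the log format is assumed; the sample lines are constructed and use documentation IP ranges), counts failures per source IP in a sliding window, raises an alert at a threshold, escalates severity if a successful login follows the failures, and tags the alert with ATT&CK T1110 (Brute Force). The threshold and window values are illustrative choices, not the lab's tuned settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines in Linux sshd style (assumed format, not real data).
# 203.0.113.7 fails five times in seconds and then succeeds; 198.51.100.20 fails twice,
# half an hour apart, which is ordinary user error rather than brute force.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:04 host sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:06 host sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:08 host sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:09 host sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-05-01T10:03:00 host sshd[1207]: Failed password for alice from 198.51.100.20 port 40000 ssh2
2024-05-01T10:30:00 host sshd[1208]: Failed password for alice from 198.51.100.20 port 40001 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse_events(text):
    """Return (timestamp, source_ip, username, success) tuples for auth events."""
    events = []
    for line in text.splitlines():
        for pattern, success in ((FAILED_RE, False), (ACCEPTED_RE, True)):
            m = pattern.match(line)
            if m:
                events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"], success))
                break
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window count of failures per source IP (threshold/window are illustrative).

    An alert opens at `threshold` failures inside `window`, with medium severity.
    A successful login from the same source after the alert opened escalates it to high,
    because that is the case an analyst must treat as a probable compromise.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user) failures inside the window
    alerts = {}
    for ts, ip, user, success in sorted(events, key=lambda e: e[0]):
        if success:
            if ip in alerts:
                alerts[ip]["severity"] = "high"
                alerts[ip]["success_after_failures"] = True
            continue
        if ip in alerts:
            alerts[ip]["failed_attempts"] += 1
            alerts[ip]["last_seen"] = ts
            alerts[ip]["usernames"].add(user)
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = {
                "source_ip": ip,
                "first_seen": q[0][0],
                "last_seen": ts,
                "failed_attempts": len(q),
                "usernames": {u for _, u in q},
                "severity": "medium",
                "attack_technique": "T1110 Brute Force",  # MITRE ATT&CK technique ID
                "success_after_failures": False,
            }
    return list(alerts.values())


def report_line(alert):
    """One-line summary in the form an incident report's findings section would use."""
    return (
        f"[{alert['severity'].upper()}] {alert['attack_technique']}: "
        f"{alert['failed_attempts']} failed logins from {alert['source_ip']} "
        f"between {alert['first_seen'].isoformat()} and {alert['last_seen'].isoformat()} "
        f"targeting {', '.join(sorted(alert['usernames']))}"
        + ("; followed by a SUCCESSFUL login" if alert["success_after_failures"] else "")
    )


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_LOG)):
        print(report_line(alert))
```

Running the script prints a single high-severity finding for 203.0.113.7 and nothing for 198.51.100.20, which is the triage outcome the scenario calls for: the window keeps isolated user mistakes out of the alert, and the success-after-failures flag is what moves the case from "alert review" to "recommended response actions" such as isolating the host and resetting the affected accounts.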