felsheima/home-soc-lab
GitHub: felsheima/home-soc-lab
Stars: 0 | Forks: 0
# Home SOC Lab
## Overview
This repository documents the buildout and operation of a personal cybersecurity homelab focused on:
- Security Operations (SOC)
- Threat Detection
- Incident Response
- Active Directory Security
- Windows Logging and Telemetry
- SIEM Engineering
- Threat Hunting
- Blue Team Operations
The goal of this lab is to simulate enterprise security environments and develop hands-on defensive security skills using industry-relevant tools and workflows.
## Current Lab Environment
### Infrastructure
- Proxmox VE or VMware (hypervisor)
- Windows Server 2022
- Windows 11 Client
- Kali Linux
### Security Tooling
- Wazuh SIEM
- Sysmon
- Wireshark
- Nmap
- Microsoft Sentinel (planned)
## Planned Projects
- Active Directory Deployment
- Windows Event Log Analysis
- Sysmon Telemetry Collection
- Brute Force Detection Rules
- PowerShell Abuse Detection
- Threat Hunting Scenarios
- Malware Traffic Analysis
- Incident Investigation Workflows
- Sigma Rule Development
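To make the "Brute Force Detection Rules" and "Windows Event Log Analysis" items concrete, here is an added example of the detection logic those projects would produce. It is not code from this repository. It assumes Windows Security events have already been normalized into a flat record (`timestamp`, `event_id`, `source_ip`, `target_user`); the sample events are constructed. Event ID 4625 is a failed logon and 4624 a successful one; the rule alerts on a burst of failures from one source against one account, and escalates when a success follows the burst, which is the case that actually needs triage.

```python
"""Sliding-window brute-force detection over Windows Security events.

Added example for the home-soc-lab detection projects; not the repository's
own code. Field names below are an assumed normalized schema, not Wazuh's or
Sysmon's native JSON.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625   # Security log: "An account failed to log on"
SUCCESS_LOGON = 4624  # Security log: "An account was successfully logged on"

# Constructed sample events. 10.0.0.50 hammers "administrator" and then gets
# in; 10.0.0.77 produces three spread-out failures that should stay quiet.
SAMPLE_EVENTS = [
    {"timestamp": "2024-01-15T10:00:00", "event_id": 4625, "source_ip": "10.0.0.50", "target_user": "administrator"},
    {"timestamp": "2024-01-15T10:00:00", "event_id": 4625, "source_ip": "10.0.0.77", "target_user": "jdoe"},
    {"timestamp": "2024-01-15T10:00:05", "event_id": 4625, "source_ip": "10.0.0.50", "target_user": "administrator"},
    {"timestamp": "2024-01-15T10:00:10", "event_id": 4625, "source_ip": "10.0.0.50", "target_user": "administrator"},
    {"timestamp": "2024-01-15T10:00:15", "event_id": 4625, "source_ip": "10.0.0.50", "target_user": "administrator"},
    {"timestamp": "2024-01-15T10:00:20", "event_id": 4625, "source_ip": "10.0.0.50", "target_user": "administrator"},
    {"timestamp": "2024-01-15T10:00:25", "event_id": 4625, "source_ip": "10.0.0.50", "target_user": "administrator"},
    {"timestamp": "2024-01-15T10:00:40", "event_id": 4624, "source_ip": "10.0.0.50", "target_user": "administrator"},
    {"timestamp": "2024-01-15T10:05:00", "event_id": 4625, "source_ip": "10.0.0.77", "target_user": "jdoe"},
    {"timestamp": "2024-01-15T10:10:00", "event_id": 4625, "source_ip": "10.0.0.77", "target_user": "jdoe"},
    {"timestamp": "2024-01-15T10:11:00", "event_id": 4624, "source_ip": "10.0.0.77", "target_user": "jdoe"},
]


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Alert on (source_ip, target_user) pairs with >= threshold failed logons
    inside a sliding window; escalate when a successful logon for the same
    pair arrives while such a burst is still inside the window."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # (ip, user) -> timestamps of recent failures
    alerted = set()                # pairs already alerted for the current burst
    alerts = []

    # Sort by time so events delivered out of order (agents reconnecting,
    # batched forwarding) still form a correct window.
    for e in sorted(events, key=lambda e: e["timestamp"]):
        ts = datetime.fromisoformat(e["timestamp"])
        key = (e["source_ip"], e["target_user"])
        q = failures[key]
        # Drop failures that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) < threshold:
            alerted.discard(key)  # burst has ended; a new one may alert again

        if e["event_id"] == FAILED_LOGON:
            q.append(ts)
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)  # one alert per burst, not one per failure
                alerts.append({
                    "rule": "brute_force",
                    "source_ip": key[0],
                    "target_user": key[1],
                    "failures": len(q),
                    "first_seen": q[0].isoformat(),
                    "last_seen": ts.isoformat(),
                })
        elif e["event_id"] == SUCCESS_LOGON and len(q) >= threshold:
            # A success while a burst is still in the window: the guessing
            # may have worked. This is the alert to triage first.
            alerts.append({
                "rule": "success_after_brute_force",
                "source_ip": key[0],
                "target_user": key[1],
                "failures_in_window": len(q),
                "logon_time": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_EVENTS):
        print(alert)
```

The same count-within-timeframe logic is what a Wazuh frequency/timeframe rule or a Sigma correlation expresses declaratively. Note that keying on (source, account) deliberately misses password spraying, where one source tries a few guesses against many accounts; that needs a second rule keyed on the source address alone, and a lab is a good place to write both and compare their false-positive rates against normal domain logon noise.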
## Objectives
- Develop hands-on SOC analyst skills
- Improve threat detection capabilities
- Build practical incident response experience
- Strengthen Windows and Active Directory security knowledge
- Learn enterprise security monitoring workflows
- Practice log analysis and detection engineering
## Repository Structure
- /docs
- /screenshots
- /detections
- /writeups
- /scripts
- /network-diagrams
## Status
The lab is currently in active development.