sathish0231/SOC-Monitoring-Lab

GitHub: sathish0231/SOC-Monitoring-Lab

Stars: 0 | Forks: 0

# SOC-Monitoring-Lab

## SOC Analyst Project – ELK Stack Based Threat Monitoring System

This project is a mini Security Operations Center (SOC) monitoring lab built on the ELK Stack (Elasticsearch, Logstash/Filebeat, and Kibana), integrated with TheHive and driven by Python automation scripts. Its objective is to simulate cyber attacks against a Linux host, collect the resulting system logs, monitor authentication events, and visualize security incidents in real time.

## Features

* Simulated brute-force and SSH authentication attacks
* Real-time log collection using Filebeat
* Elasticsearch-based log storage and indexing
* Kibana dashboards for threat visualization
* Authentication failure monitoring
* Attack timeline analysis
* Python-based SOAR automation
* TheHive integration for incident response and case creation
* Real-time security event monitoring using Linux logs and journalctl

## Tools & Technologies Used

* Elasticsearch
* Kibana
* Filebeat
* Python
* Linux
* TheHive
* GitHub
* SSH / Hydra / curl attack simulations

## Workflow

Attack Simulation → Log Generation → Filebeat Collection → Elasticsearch Storage → Kibana Visualization → TheHive Incident Response

## Outcome

A functional SOC monitoring environment that detects, monitors, and visualizes suspicious authentication activity and other security events in real time.
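The detection step between "Log Generation" and "TheHive Incident Response" in the workflow above is where the Python SOAR automation earns its keep. The following is an added example, not code from this repository: it parses sshd password events as they appear in `/var/log/auth.log` or `journalctl -u ssh`, flags a source IP that produces a burst of failures inside a sliding time window (the pattern a Hydra run leaves behind), raises the severity when a successful login follows the burst, and builds the alert body a script would POST to TheHive. The log lines are constructed sample data, and the alert field names (`type`, `source`, `sourceRef`, `severity`, `tlp`, `observables`) are my reading of TheHive's alert API and should be checked against the version you deploy.

```python
"""Brute-force detector for sshd auth events, producing a TheHive-style alert body."""
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd lines as seen in /var/log/auth.log or
# `journalctl -u ssh`; not captured from the project's lab.
SAMPLE_LOG = """\
Mar 10 12:00:01 soc-lab sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2
Mar 10 12:00:02 soc-lab sshd[2203]: Failed password for root from 10.0.0.5 port 51123 ssh2
Mar 10 12:00:03 soc-lab sshd[2205]: Failed password for root from 10.0.0.5 port 51124 ssh2
Mar 10 12:00:04 soc-lab sshd[2207]: Failed password for invalid user test from 10.0.0.5 port 51125 ssh2
Mar 10 12:00:05 soc-lab sshd[2209]: Failed password for root from 10.0.0.5 port 51126 ssh2
Mar 10 12:00:09 soc-lab sshd[2211]: Accepted password for root from 10.0.0.5 port 51130 ssh2
Mar 10 12:05:00 soc-lab sshd[2301]: Failed password for alice from 192.168.1.20 port 40001 ssh2
Mar 10 12:20:00 soc-lab sshd[2302]: Failed password for alice from 192.168.1.20 port 40002 ssh2
"""

# Matches failed and accepted password logins; sshd adds "invalid user" when
# the account does not exist at all, which is typical of wordlist attacks.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_events(text, year=2024):
    """Parse sshd password events. syslog timestamps carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd/journal noise; Filebeat still ships it, we just skip it here
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append({"ts": ts, "outcome": m["outcome"], "user": m["user"], "ip": m["ip"]})
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag each source IP with `threshold` failures inside any `window_seconds` span."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)

    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["outcome"] == "Failed"]
        burst = None
        # Sliding window over failures only: the first run of `threshold` that fits.
        for i in range(len(failures) - threshold + 1):
            first, last = failures[i]["ts"], failures[i + threshold - 1]["ts"]
            if (last - first).total_seconds() <= window_seconds:
                burst = (first, last)
                break
        if burst is None:
            continue
        # A success after the burst turns noisy brute force into a likely compromise.
        success_after = any(e["outcome"] == "Accepted" and e["ts"] >= burst[1] for e in evs)
        findings.append({
            "ip": ip,
            "failures": len(failures),
            "users": sorted({e["user"] for e in failures}),
            "first_failure": burst[0],
            "last_failure": burst[1],
            "success_after_failures": success_after,
        })
    return findings


def build_thehive_alert(finding):
    """Build a TheHive alert body (field names are an assumption; check your TheHive version)."""
    severity = 3 if finding["success_after_failures"] else 2  # 1 low .. 4 critical
    return {
        "type": "ssh-bruteforce",
        "source": "soc-lab-python-soar",
        "sourceRef": f"ssh-bf-{finding['ip']}-{finding['first_failure']:%Y%m%dT%H%M%S}",
        "title": f"SSH brute force from {finding['ip']}",
        "description": (
            f"{finding['failures']} failed logins for users {', '.join(finding['users'])}"
            f" between {finding['first_failure']:%H:%M:%S} and {finding['last_failure']:%H:%M:%S}."
            + (" A successful login followed: treat the host as compromised."
               if finding["success_after_failures"] else "")
        ),
        "severity": severity,
        "tlp": 2,
        "observables": [{"dataType": "ip", "data": finding["ip"]}],
    }


if __name__ == "__main__":
    for finding in detect_bruteforce(parse_events(SAMPLE_LOG)):
        print(json.dumps(build_thehive_alert(finding), indent=2, default=str))
```

Running it on the sample flags 10.0.0.5 (five failures in four seconds followed by an accepted root login) at severity 3 and ignores 192.168.1.20, whose two failures are fifteen minutes apart; lowering `threshold` and widening `window_seconds` catches that slow attempt as well, at the cost of more noise. The `sourceRef` is deterministic on IP and burst start so that re-running the script over the same log does not create duplicate alerts. Posting the body is a single authenticated JSON POST to TheHive's alert endpoint with the API key; the endpoint path and header format differ between TheHive 4 and 5, so take them from the instance's own documentation rather than hard-coding them.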