GitHub: h-k47/wazuh-soc-lab
# Wazuh SOC Lab

### A Simple & Practical Wazuh Lab for Beginners

## Project Overview
This project is a **personal Security Operations Center (SOC) Lab** built using **Wazuh** in a virtualized environment.
## What You Will Learn
- Deploying Wazuh Server (All-in-One)
- Installing and registering Wazuh Agents (Windows + Linux)
- File Integrity Monitoring (FIM)
- Sysmon Integration for deep Windows visibility
- Suricata Integration for Network Threat Detection
- VirusTotal Integration for malware scanning
- Custom detection rules and alerting
- Real-time monitoring of brute force attacks, unauthorized changes, and suspicious activity
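As an added example that is not part of this repository, the following `local_rules.xml` fragment shows what the custom-rule and alerting items above look like in practice: one rule escalates FIM events on credential files, the other correlates repeated SSH failures from one source. Rule IDs 550/553/554 (syscheck) and 5716 (sshd authentication failed) are assumed from the default Wazuh ruleset; the 1000xx IDs and the thresholds are placeholders chosen for this lab.

```xml
<!-- Added example for /var/ossec/etc/rules/local_rules.xml (not from this repo).
     IDs 100000 and above are the range reserved for local/custom rules. -->
<group name="local,syscheck,">
  <!-- Escalate any FIM event (550 modified, 553 deleted, 554 added) on credential files. -->
  <rule id="100010" level="12">
    <if_sid>550,553,554</if_sid>
    <match>/etc/passwd|/etc/shadow|/etc/sudoers</match>
    <description>Critical authentication file changed: possible unauthorized modification.</description>
    <group>unauthorized_change,</group>
  </rule>
</group>

<group name="local,authentication_failures,">
  <!-- Fire when 8 or more sshd failures (rule 5716) come from the same source within 120 s. -->
  <rule id="100020" level="10" frequency="8" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip/>
    <description>Possible SSH brute force: repeated authentication failures from one source.</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>
```

After editing the file, validate it with `/var/ossec/bin/wazuh-logtest` and restart the manager (`systemctl restart wazuh-manager`) so the rules load.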
## Lab Environment
- **Virtualization**: Oracle VirtualBox
- **Wazuh Version**: 4.14
- **Host OS**: Windows 10/11
- **Server OS**: Ubuntu Server 22.04
- **Agent OS**: Windows Server / Windows 10/11
## Repository Contents
- **Server Deployment Guide** → Step-by-step Wazuh Server setup
- **Windows Agent Guide** → Agent installation on Windows
- **FIM Setup** → File Integrity Monitoring
- **Sysmon Integration** → Advanced Windows logging
- **Suricata Integration** → Network IDS
- **VirusTotal Integration** → Malware intelligence
- Screenshots and configuration examples
## Why This Lab?
- Beginner-friendly with clear step-by-step guides
- Real-world use case simulation
- Fully virtualized (safe to experiment)
- Open source and community-driven
This lab is built to help anyone get started with **Wazuh** and understand how modern SOCs work.
## Getting Started
1. Start with the **[Wazuh Server Deployment](deployment/Wazuh-Virtualbox-Config.md)**
2. Deploy the **[Windows Agent](Agents/windows-agent-deployment.md)**
3. Configure monitoring modules (FIM, Sysmon, Suricata, etc.)
## Useful Links
- [Wazuh Official Documentation](https://documentation.wazuh.com/current/)
**Happy Learning & Defending!**