karthikeyapantham/Threat-Hunting-Lab

# Threat Hunting Lab Using Wazuh & MITRE ATT&CK

## Overview

This project demonstrates a practical threat hunting workflow in a Security Operations Center (SOC) environment.

## Technologies Used

- Wazuh
- Sysmon
- Kali Linux
- Windows 10
- MITRE ATT&CK

## Attack Scenarios

### 1. Network Reconnaissance

- Simulated Nmap scanning activity
- Mapped to MITRE ATT&CK T1046

### 2. PowerShell Activity

- Monitored PowerShell execution
- Mapped to MITRE ATT&CK T1059.001

### 3. User Account Creation

- Detected account creation events
- Mapped to MITRE ATT&CK T1136

### 4. Persistence via Scheduled Tasks

- Detected persistence mechanisms
- Mapped to MITRE ATT&CK T1053

## Detection Rules

- PowerShell Detection
- User Creation Detection
- Persistence Detection

## Skills Demonstrated

- Threat Hunting
- Log Analysis
- SIEM Monitoring
- MITRE ATT&CK Mapping
- Incident Investigation

## Repository Structure

```text
Attack-Scenarios/
Detection-Rules/
Final-Report/
Screenshots/
```

## Author

Karthikeya Pantham
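As an added illustration of the three Windows detections listed under Detection Rules (this is example code, not the repository's own rules), the script below runs them over constructed lines in the shape of Wazuh's `alerts.json` and tags each hit with the ATT&CK technique named in the scenarios above. It assumes Wazuh's Windows eventchannel field layout (`data.win.system.eventID`, `data.win.system.channel`, `data.win.eventdata.*`); the agent name and sample alerts are constructed.

```python
"""Hunt over Wazuh alerts.json lines for the lab's Windows scenarios (added example)."""
import json

SYSMON = "Microsoft-Windows-Sysmon/Operational"


def _alert(eid, channel, **eventdata):
    # Build one constructed alert in the shape Wazuh writes to alerts.json.
    return json.dumps({"agent": {"name": "WIN10-LAB"},
                       "data": {"win": {"system": {"eventID": eid, "channel": channel},
                                        "eventdata": eventdata}}})


# Constructed sample input: one JSON object per line, as in alerts.json.
SAMPLE_ALERTS = "\n".join([
    _alert("1", SYSMON, image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           commandLine="powershell.exe -NoProfile -Command Get-Process"),
    _alert("4720", "Security", targetUserName="newuser", subjectUserName="Administrator"),
    _alert("4698", "Security", taskName=r"\Updater", subjectUserName="Administrator"),
    _alert("1", SYSMON, image=r"C:\Windows\System32\notepad.exe", commandLine="notepad.exe"),
])


def classify(alert):
    """Return (technique, summary) when an alert matches one of the lab's detections, else None."""
    win = alert.get("data", {}).get("win", {})
    eid = win.get("system", {}).get("eventID")
    channel = win.get("system", {}).get("channel", "")
    ed = win.get("eventdata", {})
    # Sysmon Event ID 1 (process creation) with a PowerShell host image -> T1059.001.
    if channel == SYSMON and eid == "1":
        if ed.get("image", "").lower().endswith(("powershell.exe", "pwsh.exe")):
            return "T1059.001", f"PowerShell executed: {ed.get('commandLine', '')}"
    # Security Event ID 4720 (user account created) -> T1136.
    if channel == "Security" and eid == "4720":
        return "T1136", f"Account created: {ed.get('targetUserName')} by {ed.get('subjectUserName')}"
    # Security Event ID 4698 (scheduled task created; needs object-access auditing) -> T1053.
    if channel == "Security" and eid == "4698":
        return "T1053", f"Scheduled task created: {ed.get('taskName')} by {ed.get('subjectUserName')}"
    return None


def hunt(alert_lines):
    """Parse alerts.json text and return {technique: [agent: summary, ...]} for every hit."""
    findings = {}
    for line in alert_lines.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        hit = classify(alert)
        if hit:
            technique, summary = hit
            findings.setdefault(technique, []).append(f"{alert['agent']['name']}: {summary}")
    return findings


if __name__ == "__main__":
    for technique, hits in hunt(SAMPLE_ALERTS).items():
        print(technique, *hits, sep="\n  ")
```

Point `hunt()` at the contents of `/var/ossec/logs/alerts/alerts.json` on the Wazuh manager to run the same checks against real lab data.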