Fontys S7

Setting up a SOC

For my home network I've set up a SOC to monitor threats coming from the outside into my server, as well as threats that might originate from the inside, on my local desktop.

I've chosen Wazuh because it is free, lightweight and easy to use, and it runs on the ELK Stack, which makes it very modular when it comes to adding features in the future.

I have agents installed on some of the virtual machines that run my services. The purpose of these agents is to send logs back to the ELK Stack to be analysed by the Wazuh manager.

The Wazuh manager then ranks the alerts by how critical they are and displays them on the dashboard.

The built-in integrity monitor also tracks any new, deleted or modified files. This helps track down potential bad actors who had access to a machine and may have modified or added rogue files.

With the VirusTotal integration, the Wazuh agents also function as a virus scanner, matching the hash of any new file on the systems against the VirusTotal database. If there is a match, the file is deleted and an alert is generated on the Wazuh dashboard.
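As an added example (not the configuration from this setup), here is how the three pieces described above fit together in Wazuh's `ossec.conf`: the `syscheck` block belongs in the agent's configuration (or the shared `agent.conf`), while the `integration`, `command` and `active-response` blocks go on the manager. The API key is a placeholder, the watched directories are assumed, and `remove-threat.sh` is assumed to exist in the agent's `active-response/bin` directory and to delete the path reported in the VirusTotal alert.

```xml
<!-- Agent side (or shared agent.conf): file integrity monitoring.
     Directories are assumed; adjust to the services on the VM. -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>
    <!-- realtime="yes" reports new/modified files immediately instead of on the next scheduled scan -->
    <directories check_all="yes" realtime="yes">/home,/srv/www</directories>
    <!-- Needed so brand-new files generate a syscheck alert, which is what triggers the VirusTotal lookup -->
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>

<!-- Manager side: forward syscheck alerts to VirusTotal and react to positive matches -->
<ossec_config>
  <integration>
    <name>virustotal</name>
    <!-- Placeholder: replace with your own VirusTotal API key -->
    <api_key>VIRUSTOTAL_API_KEY_PLACEHOLDER</api_key>
    <!-- Only alerts from the syscheck group are sent for hash lookup -->
    <group>syscheck</group>
    <alert_format>json</alert_format>
  </integration>

  <!-- Active response: script assumed to live in the agent's active-response/bin and to remove the flagged file -->
  <command>
    <name>remove-threat</name>
    <executable>remove-threat.sh</executable>
    <timeout_allowed>no</timeout_allowed>
  </command>

  <active-response>
    <disabled>no</disabled>
    <command>remove-threat</command>
    <!-- Run on the agent that reported the file -->
    <location>local</location>
    <!-- 87105 is Wazuh's built-in rule for "VirusTotal engines detected this file" -->
    <rules_id>87105</rules_id>
  </active-response>
</ossec_config>
```

Because only the hash is sent, a file VirusTotal has never seen will produce a "no records" alert rather than a match, so the deletion only fires for known-bad hashes.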