In modern enterprise environments, security teams must react quickly to threats while handling large volumes of alerts. Manual investigation and response can cause delays that attackers exploit.
This lab demonstrates a fully automated SOC workflow where endpoint security events from a Windows 10 system are collected by Wazuh, processed by Shuffle SOAR, enriched with OSINT threat intelligence, documented in TheHive, and delivered to a SOC analyst via email for action.
The workflow also supports bi-directional response, allowing analysts to trigger automated actions that are executed back on the affected endpoint through Wazuh.
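The pipeline described above can be sketched in code. The following Python script is an added example, not the lab's own workflow or any Shuffle, Wazuh or TheHive code: it takes a Wazuh alert (a constructed Sysmon process-creation event in Wazuh's alerts.json layout), extracts the SHA256 from the Sysmon `hashes` field, enriches it against a local reputation table that stands in for the OSINT lookup, and assembles a TheHive-style alert payload. The TheHive field names, the severity mapping and the `REPUTATION_TABLE` contents are assumptions made for the example.

```python
"""Added example (not the lab's own code): a minimal stand-in for the
Shuffle workflow. Parse a Wazuh alert, pull the SHA256 from the Sysmon
event, enrich it against a local reputation table (in place of a real
OSINT API) and build a TheHive-style alert dict. All sample data is
constructed for this example."""
import json

# Constructed Wazuh alert. Layout follows Wazuh's alerts.json
# (rule / agent / data.win.eventdata); every value is made up.
SAMPLE_ALERT = json.dumps({
    "timestamp": "2024-01-01T12:00:00.000+0000",
    "rule": {"id": "100002", "level": 10,
             "description": "Sysmon - Process creation (hash extracted)"},
    "agent": {"id": "001", "name": "WIN10-LAB"},
    "data": {"win": {"eventdata": {
        "image": "C:\\Users\\lab\\Downloads\\sample.exe",
        "hashes": "SHA1=" + "a" * 40 + ",MD5=" + "b" * 32 + ",SHA256=" + "c" * 64,
    }}},
})

# Constructed stand-in for the OSINT source: sha256 -> detection count.
REPUTATION_TABLE = {"c" * 64: 42}


def parse_sysmon_hashes(hashes_field: str) -> dict:
    """Split Sysmon's 'ALG=value,ALG=value' string into {ALG: value}."""
    out = {}
    for part in hashes_field.split(","):
        if "=" in part:
            alg, value = part.split("=", 1)
            out[alg.strip().upper()] = value.strip().lower()
    return out


def enrich_hash(sha256: str, table: dict = REPUTATION_TABLE) -> dict:
    """Mock OSINT lookup: returns detection count and a verdict."""
    hits = table.get(sha256.lower(), 0)
    return {"sha256": sha256.lower(), "detections": hits,
            "verdict": "malicious" if hits > 0 else "unknown"}


def wazuh_level_to_severity(level: int) -> int:
    """Map a Wazuh rule level (0-15) to a 1-4 severity.
    The thresholds are this example's own choice, not a Wazuh or TheHive default."""
    if level >= 12:
        return 4
    if level >= 10:
        return 3
    if level >= 7:
        return 2
    return 1


def build_thehive_alert(alert: dict, enrichment: dict) -> dict:
    """Assemble a TheHive-style alert payload (field names are assumed)."""
    rule, agent = alert["rule"], alert["agent"]
    return {
        "type": "wazuh",
        "source": "shuffle",
        "sourceRef": f"{agent['id']}-{rule['id']}-{alert['timestamp']}",
        "title": f"{rule['description']} on {agent['name']}",
        "description": (f"Wazuh rule {rule['id']} (level {rule['level']}) fired on "
                        f"agent {agent['name']}. OSINT verdict: {enrichment['verdict']} "
                        f"({enrichment['detections']} detections)."),
        "severity": wazuh_level_to_severity(rule["level"]),
        "tags": ["wazuh", f"rule:{rule['id']}", f"verdict:{enrichment['verdict']}"],
        "observables": [{"dataType": "hash", "data": enrichment["sha256"]}],
    }


def process_wazuh_alert(raw_json: str) -> dict:
    """Run one alert through the collect -> enrich -> document chain."""
    alert = json.loads(raw_json)
    eventdata = alert.get("data", {}).get("win", {}).get("eventdata", {})
    sha256 = parse_sysmon_hashes(eventdata.get("hashes", "")).get("SHA256")
    if not sha256:
        # Events without a hash carry nothing to enrich; skip rather than fail.
        return {"status": "skipped", "reason": "no SHA256 in event"}
    enrichment = enrich_hash(sha256)
    hive_alert = build_thehive_alert(alert, enrichment)
    # Flag whether the analyst's email should offer a response action;
    # in the lab that action is executed on the endpoint through Wazuh.
    return {"status": "processed", "alert": hive_alert,
            "response_recommended": enrichment["verdict"] == "malicious"}


if __name__ == "__main__":
    print(json.dumps(process_wazuh_alert(SAMPLE_ALERT), indent=2))
```

In a real deployment the reputation table is replaced by an API call to the chosen OSINT service and the returned dict is posted to TheHive's alert endpoint; the parsing, verdict and severity logic stays the same.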
