This project simulates real-world cyber attacks and builds an end-to-end Security Operations Center (SOC) detection and response pipeline.
The objective was not only to collect logs but to:
- Reproduce real attacks
- Design detection logic
- Compare SIEM platforms
- Implement automated response (SOAR-style)
```
[Kali Attacker]
      ↓
[Ubuntu Server]
 ├─ UFW log
 ├─ auth.log
 └─ Apache access.log
      ↓
[Filebeat]
      ↓
[Elasticsearch]
      ↓
[Kibana Detection Rules]
      ↓
[Alert Trigger]
      ↓
[Python SOAR API]
      ↓
[UFW Auto Block]
```
- Kali Linux (Attack Simulation)
- Ubuntu 24.04 Server
- UFW Firewall
- Filebeat 8.x
- Elasticsearch 8.x
- Kibana (Security Detection Engine)
- Splunk Enterprise (Rule Comparison)
- FastAPI (Python SOAR Server)
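The pipeline above reduces to three steps: read a log source, apply a detection threshold, hand the alert to a response endpoint that emits a firewall action. The block below is an added example, not the project's own code, that models all three for the auth.log brute-force scenario in plain Python with no dependencies (the project's SOAR server uses FastAPI; the decision logic is the same). The sshd line format, the five-failures-per-minute threshold, the `NEVER_BLOCK` allowlist and the sample log lines are constructed assumptions; the UFW command is only built, never executed.

```python
"""Added example (not the project's code): log -> detection -> SOAR decision."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd failure line as written to /var/log/auth.log on Ubuntu (syslog format, no year).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

THRESHOLD = 5                   # assumed: this many failures from one IP ...
WINDOW = timedelta(minutes=1)   # ... inside this window counts as brute force
# Assumed allowlist: management network and loopback are never auto-blocked.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]

# Constructed sample input: one attacker hammering sshd, one legitimate admin with two typos.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 ubuntu sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Mar  3 10:15:02 ubuntu sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 51235 ssh2
Mar  3 10:15:03 ubuntu sshd[2105]: Failed password for root from 192.0.2.10 port 51236 ssh2
Mar  3 10:15:04 ubuntu sshd[2107]: Failed password for root from 192.0.2.10 port 51237 ssh2
Mar  3 10:15:05 ubuntu sshd[2109]: Failed password for root from 192.0.2.10 port 51238 ssh2
Mar  3 10:15:06 ubuntu sshd[2111]: Accepted password for ubuntu from 10.0.0.5 port 50000 ssh2
Mar  3 10:20:00 ubuntu sshd[2200]: Failed password for ubuntu from 10.0.0.5 port 50001 ssh2
Mar  3 10:30:00 ubuntu sshd[2300]: Failed password for ubuntu from 10.0.0.5 port 50002 ssh2
""".splitlines()


def parse_failures(lines, year=2025):
    """Yield (timestamp, user, source_ip) for every failed-password line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def detect_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: total_failures} for every IP with >= threshold failures
    inside any sliding window of the given length (the detection rule)."""
    per_ip = defaultdict(list)
    for ts, _user, ip in parse_failures(lines):
        per_ip[ip].append(ts)
    hits = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = len(stamps)
                break
    return hits


def plan_block(ip):
    """SOAR decision for one alert: validate the IP, refuse allowlisted ranges,
    and return the UFW argv that would block it, or None. Nothing is executed."""
    try:
        addr = ipaddress.ip_address(ip)      # reject anything that is not a bare IP
    except ValueError:
        return None
    if addr.is_loopback or any(addr in net for net in NEVER_BLOCK):
        return None
    # Insert at position 1 so the deny takes precedence over existing allow rules.
    return ["ufw", "insert", "1", "deny", "from", str(addr), "to", "any"]


def respond(hits, blocked=None):
    """Turn detection hits into block actions, skipping IPs already blocked."""
    blocked = set() if blocked is None else blocked
    commands = []
    for ip in sorted(hits):
        if ip in blocked:
            continue
        cmd = plan_block(ip)
        if cmd:
            blocked.add(ip)
            commands.append(cmd)
    return commands


if __name__ == "__main__":
    hits = detect_bruteforce(SAMPLE_AUTH_LOG)
    for cmd in respond(hits):
        print(" ".join(cmd))
```

In a live deployment the FastAPI endpoint would receive the Kibana alert, call `plan_block` with the alert's source IP and run the returned argv list through `subprocess.run` (as a list, so no shell parses attacker-controlled bytes); the allowlist and the already-blocked set are what keep an auto-responder from locking out its own operators or stacking duplicate rules.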
Attack: Hydra-based password brute force.
Log source: `/var/log/auth.log`
Query: