This project demonstrates a complete SOC (Security Operations Center) lab using Wazuh SIEM.
The lab includes a Wazuh server (Ubuntu) and a Windows 10 agent to simulate real-world security monitoring.
- 🐧 Ubuntu 22.04 → Wazuh Server (Manager + Indexer + Dashboard)
- 🪟 Windows 10 → Wazuh Agent
- 🌐 Web Interface → HTTPS Dashboard
```bash
sudo apt update && sudo apt install curl -y
curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh
sudo bash wazuh-install.sh -a
```
The installer prints the admin password when it finishes. Dashboard access:
- URL: https://<server-ip>:443
- User: admin
- Password: <generated-password>
- Download Wazuh agent
- Configure manager IP
- Start service
- Enabled Windows auditing (auditpol)
- Generated failed login attempts
- Detected in Wazuh (Event ID 4625)
- Triggered privileged operation
- Detected alert: "Failed attempt to perform a privileged operation"
- Real-time logs collected from Windows agent
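To show what the two detections above look like once the alerts leave the dashboard, here is an added example (not part of this lab's own files) that parses Wazuh-style `alerts.json` lines for the Windows agent and applies the same logic a SOC analyst would use in triage: count Event ID 4625 failures per source address inside a sliding time window to flag brute-force activity, and pull out Event ID 4673 alerts ("Failed attempt to perform a privileged operation"). The JSON field layout (`data.win.system.eventID`, `data.win.eventdata.*`) follows Wazuh's Windows eventchannel decoder; the sample lines, the agent name, the IPs, the user names, and the 5-failures-in-2-minutes threshold are all constructed for the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta


def _alert(ts, event_id, eventdata, description, level=5):
    """Build one alert line in the Wazuh eventchannel layout (constructed, not lab output)."""
    return json.dumps({
        "timestamp": ts,
        "agent": {"name": "WIN10-AGENT"},
        "rule": {"level": level, "description": description},
        "data": {"win": {"system": {"eventID": event_id, "channel": "Security"},
                         "eventdata": eventdata}},
    })


# Constructed sample: six failed logons from one source in ~35 seconds (brute force),
# one isolated failure from another host, one 4673 privileged-operation failure, and
# one truncated line to exercise the parser's error path.
BRUTE_FORCE_LINES = [
    _alert(f"2024-05-01T10:00:{s:02d}.000+0000", "4625",
           {"targetUserName": "admin", "ipAddress": "192.168.56.20", "logonType": "3"},
           "Windows logon failure")
    for s in (1, 8, 15, 22, 29, 36)
]
SAMPLE_ALERTS = "\n".join(BRUTE_FORCE_LINES + [
    _alert("2024-05-01T10:05:00.000+0000", "4625",
           {"targetUserName": "ilyas", "ipAddress": "192.168.56.30", "logonType": "2"},
           "Windows logon failure"),
    _alert("2024-05-01T10:06:10.000+0000", "4673",
           {"subjectUserName": "ilyas", "privilegeList": "SeTcbPrivilege",
            "processName": "C:\\Windows\\System32\\cmd.exe"},
           "Failed attempt to perform a privileged operation", level=7),
    '{"timestamp": "2024-05-01T10:07:00.000+0000", "agent": {"name": "WIN10-AGENT"',
])


def parse_alerts(text):
    """Parse newline-delimited JSON alerts; skip lines that are not valid JSON objects."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial write or rotation artefact: skip rather than abort triage
        if isinstance(obj, dict):
            alerts.append(obj)
    return alerts


def event_id(alert):
    return alert.get("data", {}).get("win", {}).get("system", {}).get("eventID")


def eventdata(alert):
    return alert.get("data", {}).get("win", {}).get("eventdata", {})


def parse_ts(alert):
    return datetime.strptime(alert["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def brute_force_sources(alerts, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: max 4625 failures seen in any `window`} for sources at or above threshold."""
    times = defaultdict(list)
    for a in alerts:
        if event_id(a) == "4625":
            times[eventdata(a).get("ipAddress", "-")].append(parse_ts(a))
    flagged = {}
    for src, ts in times.items():
        ts.sort()
        j, best = 0, 0
        for i in range(len(ts)):
            # advance the right edge while it stays inside the window anchored at ts[i]
            while j < len(ts) and ts[j] - ts[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            flagged[src] = best
    return flagged


def privileged_operation_failures(alerts):
    """Collect 4673 alerts as (user, privilege, process) tuples for review."""
    return [
        (eventdata(a).get("subjectUserName", "-"), eventdata(a).get("privilegeList", "-"),
         eventdata(a).get("processName", "-"))
        for a in alerts if event_id(a) == "4673"
    ]


def triage(text):
    alerts = parse_alerts(text)
    return {
        "parsed": len(alerts),
        "brute_force": brute_force_sources(alerts),
        "privileged": privileged_operation_failures(alerts),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ALERTS), indent=2, default=str))
```

Running the script against the embedded sample reports 8 parsed alerts, flags 192.168.56.20 with 6 failures in the window, and lists the single privileged-operation failure. Pointing `parse_alerts` at a real `/var/ossec/logs/alerts/alerts.json` from the lab works the same way, since the manager writes one JSON object per line; the threshold and window are the knobs to tune against the noise level of your own Windows agent.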
- ✅ Wazuh deployed successfully
- ✅ Agent connected and monitored
- ✅ Security events detected in real-time
- ✅ SOC environment fully functional
- SIEM (Wazuh)
- Log Analysis
- Windows Security Monitoring
- Cybersecurity Basics
- Add Sysmon for advanced logging
- Add Linux agents
- Simulate real cyber attacks (Brute force, PowerShell attacks)
- Ilyas Elouarrari