In this, the second day of the SOC Automation series, the objective is to set up the applications and virtual machines: a Windows 10 machine with Sysmon installed, a Wazuh server, and a TheHive server.
The Wazuh open-source security platform offers SIEM and XDR capabilities and helps security teams detect threats, analyze logs, and respond to incidents.
TheHive is an open-source Security Incident Response Platform that is used for investigating and collaborating on security incidents.
To achieve this setup, VirtualBox must be installed and the Windows 10 ISO downloaded, and then Ubuntu 22.04 installed on two further virtual machines, one for the Wazuh server and one for the TheHive server.
This prepares the environment for the later, more involved steps in this series, in which the security tools are configured and the homelab SOC environment is assembled.