ankit-bose.dev

2025-09-02

Open-Source SOC / Detection Lab (Endpoint-First + Network Telemetry)

Tags: lab-architecture, wazuh, zeek, suricata

Objective

Build a realistic test environment for validating detection quality and analyst workflows without relying on production data.

Stack Focus

  • Wazuh and OpenSearch for endpoint-centric detection exploration.
  • LimaCharlie integration experiments.
  • Zeek and Suricata for network visibility.
  • Velociraptor for endpoint investigation workflows.
  • TheHive and Cortex for triage and enrichment orchestration.
  • Atomic Red Team and Caldera for repeatable adversary simulation.

Value

The lab supports threat-informed validation loops (simulate a technique, confirm the expected detection fires, tune) and practical rule tuning before detection content reaches production.