Threat-informed defense for cloud-native: reference implementation of a so-called Honeycluster. The detection capabilities can also be used as a SOC.
Updated Dec 15, 2025 - Python
SOC Compass continuously maintains your current and target SOC Operating Model (TSOM), aligning evidence and criteria to common frameworks such as SOC-CMM, MITRE Inform and SIM3.
This repository holds complete step-by-step documentation of the creation of a Security Operations Center (SOC) home lab.
An open-source, ready-to-run SOC in a dockerized environment.
This detection engineering repo is for a Detection-as-Code CI/CD pipeline.
A hands-on SOC Automation Lab built using Wazuh, TheHive, Cortex, and ELK. Demonstrates real-time threat detection, alert forwarding, and automated incident response in a simulated enterprise environment.
Cybersecurity lab demonstrating MITRE ATT&CK T1110 brute force attack simulation using Kali Linux and Hydra. Includes reconnaissance, attack execution, IoC analysis, and SOC defense strategies with Fail2Ban and 2FA implementation.
Python script that reads mock security logs, detects suspicious patterns (e.g., brute force, failed logins, blacklisted IPs), and raises alerts.
Robotic security operations with more than just dashboards: this goes into dispatching and more. Meant for event/city security ops with experimental robotics to assist. Code sanitized as far as possible while still showing a demo.