A self-built distributed Splunk SIEM home lab environment that mirrors an enterprise-level network, with focus on distributed deployment, multi-source data ingestion, and detection engineering readiness.
Skills Learned:
- Setting up a distributed Splunk architecture: configuring and connecting indexers, cluster manager, and search head.
- Building an enterprise-like network environment: dual firewalls, Windows domain controller, workstations, web application with DMZ and internal database.
- Log ingestion and parsing: onboarding, handling, and normalizing data from multiple sources.
- Splunk data modeling for dashboarding and reporting.
- Infrastructure as code: managing Splunk configurations via Git and KRSCONF.
- Detection engineering and threat emulation exercises.
Tools Utilized: Splunk (Indexers, Cluster Manager, Search Head, Forwarders) · Check Point Firewall · Sophos Firewall · Windows Domain Controller · Web Application · KRSCONF · Git
Environment: Proxmox · Windows · Linux · Docker
A full-fledged home lab Security Operations Center (SOC) designed to simulate real-world enterprise security environments.
Skills Learned:
- Network Security, Endpoint Detection & Response (EDR)
- SIEM Deployment & Management (Elastic Stack)
- Threat Intelligence Integration (OpenCTI, MISP)
- Security Automation & Orchestration (TheHive, Cortex, Shuffle)
- Attack Simulation & Detection (Atomic Red Team)
- SOC Workflow Design and Collaboration
Tools Utilized: OPNSense · Elastic Stack · OpenCTI · MISP · TheHive · Cortex · Shuffle · n8n · AtomicRedTeam
Environment: Proxmox · Windows · Linux · Docker
Explore my threat hunting and log analysis write-ups from Splunk’s Boss of the SOC (BOTS) challenges. These write-ups demonstrate real-world skills in security operations, anomaly detection, and OSINT correlation.
- Boss of the SOC Series
Hands-on log analysis, threat hunting, and anomaly detection using Splunk and open-source intelligence (OSINT).