A prototype Security Operations Center (SOC) was built as a demonstration of capabilities. A Fortune 100 company needs a SOC for its network and would like to see a practical demonstration of a possible solution.

The SOC was built on the Security Onion OS using its distributed deployment method (a central master server with separate sensor nodes), so that the design is comparable to the client's network layout. Security Onion bundles open-source tools for network monitoring, analysis, and forensics to give network administrators a complete view of their traffic. The SOC is capable of live traffic monitoring, customizable rule-driven and event-driven alerting, full packet capture and analysis, and many other security functions. Data captured by Bro (since renamed Zeek) and by Snort or Suricata is processed and analyzed with Squert, Sguil, Elasticsearch, and Kibana into a coherent, integrated Security Operations Center.
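To make the data flow concrete, the following is an added example (not code from the prototype SOC or from the Security Onion project): a small offline stand-in for the correlation that Squert and Kibana perform on top of Elasticsearch. Suricata writes alerts as EVE JSON (one object per line) and Bro/Zeek writes tab-separated conn.log records; the script joins the two on the connection 5-tuple, then produces a rule-driven view (alerts filtered by signature severity) and an event-driven view (alert counts per internal host). All log lines are constructed for this example, and the severity threshold of 2 is an assumption, not a Security Onion default.

```python
"""
Added example: correlate constructed Suricata EVE alerts with constructed
Bro/Zeek conn.log records the way Security Onion's analysis tools would.
Not code from the prototype SOC or from the Security Onion project.
"""
import json
from collections import defaultdict

# Constructed Suricata EVE JSON events (not captured from a real sensor).
EVE_ALERTS = r'''
{"timestamp":"2019-03-04T10:15:32.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}
{"timestamp":"2019-03-04T10:15:40.000000+0000","event_type":"flow","src_ip":"10.0.0.9","src_port":40000,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP"}
{"timestamp":"2019-03-04T10:16:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51240,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP","alert":{"signature_id":2013028,"signature":"ET POLICY curl User-Agent Outbound","severity":3}}
'''

# Constructed Bro/Zeek conn.log rows; the header lists the columns used.
CONN_HEADER = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "duration", "orig_bytes", "resp_bytes"]
CONN_LOG = """1551694532.000000\tCxyz1\t10.0.0.5\t51234\t203.0.113.7\t80\ttcp\t0.52\t312\t1450
1551694540.000000\tCxyz2\t10.0.0.9\t40000\t10.0.0.1\t53\tudp\t0.01\t60\t120
1551694561.000000\tCxyz3\t10.0.0.5\t51240\t203.0.113.7\t80\ttcp\t0.30\t280\t900
"""


def parse_eve(text):
    """Return only the alert events from EVE JSON; flow/dns/etc. are skipped."""
    alerts = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts


def parse_conn(text):
    """Index conn.log rows by (orig_h, orig_p, resp_h, resp_p, PROTO)."""
    conns = {}
    for line in text.strip().splitlines():
        row = dict(zip(CONN_HEADER, line.split("\t")))
        key = (row["id.orig_h"], int(row["id.orig_p"]),
               row["id.resp_h"], int(row["id.resp_p"]), row["proto"].upper())
        conns[key] = row
    return conns


def correlate(alerts, conns):
    """Attach the matching Zeek connection (uid, total bytes) to each alert."""
    enriched = []
    for a in alerts:
        key = (a["src_ip"], a["src_port"], a["dest_ip"], a["dest_port"], a["proto"].upper())
        conn = conns.get(key)  # None when the sensor saw no matching connection
        enriched.append({
            "timestamp": a["timestamp"],
            "signature": a["alert"]["signature"],
            "severity": a["alert"]["severity"],
            "src": "%s:%d" % (a["src_ip"], a["src_port"]),
            "dst": "%s:%d" % (a["dest_ip"], a["dest_port"]),
            "uid": conn["uid"] if conn else None,
            "bytes": int(conn["orig_bytes"]) + int(conn["resp_bytes"]) if conn else None,
        })
    return enriched


def triage(enriched, max_severity=2):
    """Rule-driven view: keep alerts at or above a severity (1 is highest).
    The threshold of 2 is an assumption for this example."""
    return [e for e in enriched if e["severity"] <= max_severity]


def alerts_per_host(enriched):
    """Event-driven view: number of alerts raised per source host."""
    counts = defaultdict(int)
    for e in enriched:
        counts[e["src"].split(":")[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    enriched = correlate(parse_eve(EVE_ALERTS), parse_conn(CONN_LOG))
    for e in triage(enriched):
        print("HIGH", e["timestamp"], e["src"], "->", e["dst"], e["signature"], "uid", e["uid"])
    print("alerts per host:", alerts_per_host(enriched))
```

The join on the 5-tuple is the piece an analyst relies on in Sguil and Squert: the Zeek uid links an alert to the full-session record and, in a deployment with packet capture enabled, to the pcap for that session. Alerts with no matching connection are kept with `uid` set to `None` rather than dropped, since a missing conn.log entry is itself worth noticing on a sensor.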

Project Student: Andrew Webb