Cloud-Based SOC Automation


Summary and Links

Overview and PDF/Diagram

Project Brief Summary

– Designed and implemented an automated SOC workflow combining Wazuh (XDR solution), Shuffle (SOAR solution), TheHive (case management platform), and MISP (threat intelligence platform).

– Configured Wazuh to trigger custom alerts forwarded to Shuffle for enrichment, dissemination, and analyst-in-the-loop approval before executing remediation steps.

– Pushed observables into TheHive for case tracking and stored them in MISP for correlation and further enrichment.
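As an added illustration of the workflow summarised above (my own example, not the project's actual Shuffle workflow or any vendor SDK): a small Python sketch of the enrichment and analyst-approval step. The Wazuh alert is constructed, the AbuseIPDB lookup is a stub so the code runs offline, and the TheHive alert shape is assumed rather than taken from the project.

```python
"""Added example: Wazuh alert -> reputation enrichment -> analyst gate -> TheHive alert.
Not part of the original project; the lookup is stubbed and the payload shape is assumed."""
from typing import Any, Callable, Dict

# Constructed sample alert; field names follow Wazuh's alerts.json layout.
SAMPLE_ALERT: Dict[str, Any] = {
    "rule": {"id": "5710", "level": 10,
             "description": "sshd: Attempt to login using a non-existent user"},
    "agent": {"name": "web-01"},
    "data": {"srcip": "203.0.113.45"},  # TEST-NET-3 address, constructed
}

def fake_abuseipdb_lookup(ip: str) -> Dict[str, Any]:
    """Stub for the AbuseIPDB /check call; returns only the field the workflow uses."""
    scores = {"203.0.113.45": 92, "198.51.100.7": 3}  # constructed reputations
    return {"abuseConfidenceScore": scores.get(ip, 0)}

def enrich(alert: Dict[str, Any], lookup: Callable[[str], Dict[str, Any]]) -> Dict[str, Any]:
    """Extract the source IP observable and attach its abuse confidence score."""
    ip = alert["data"]["srcip"]
    return {"ip": ip, "abuse_score": lookup(ip)["abuseConfidenceScore"]}

def build_thehive_alert(alert: Dict[str, Any], enrichment: Dict[str, Any]) -> Dict[str, Any]:
    """Build a TheHive-style alert with the enriched IP as an observable (shape assumed)."""
    return {
        "type": "wazuh",
        "source": "shuffle",
        "sourceRef": f"wazuh-{alert['rule']['id']}-{alert['agent']['name']}",
        "title": alert["rule"]["description"],
        "severity": 3 if alert["rule"]["level"] >= 10 else 2,
        "observables": [{"dataType": "ip", "data": enrichment["ip"],
                         "tags": [f"abuseipdb:score={enrichment['abuse_score']}"]}],
    }

def decide(enrichment: Dict[str, Any], analyst_approved: bool, threshold: int = 75) -> str:
    """Analyst-in-the-loop gate: remediation needs a high score AND explicit approval."""
    if enrichment["abuse_score"] < threshold:
        return "notify_only"
    return "block_ip" if analyst_approved else "await_approval"

def run_workflow(alert: Dict[str, Any], lookup: Callable[[str], Dict[str, Any]],
                 analyst_approved: bool = False) -> Dict[str, Any]:
    """One pass of the pipeline; returns the case payload, enrichment and chosen action."""
    enrichment = enrich(alert, lookup)
    return {"case": build_thehive_alert(alert, enrichment),
            "enrichment": enrichment,
            "action": decide(enrichment, analyst_approved)}
```

In the real pipeline the stub is replaced by the Shuffle HTTP app calling AbuseIPDB, and `await_approval` maps to the user-input step that pauses the workflow until an analyst responds.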

Helpful Links

Possible Cloud Providers (They offer free credit to first-time users)
https://www.digitalocean.com/
https://www.vultr.com/

Shuffle (SOAR solution used)
https://shuffler.io/

Sites with APIs Used
https://www.virustotal.com
https://www.ip2location.io/
https://www.abuseipdb.com/

I decided to take a different route to showcase this project compared to the others. Below is a diagram of the project workflow, and below that you will find the entire PDF of the steps that I took to set it all up, as well as my reflections for future improvements, some advice, and a hiccup I ran into.

Project PDF

Documentation of the entire setup

NOTE: If you are on your phone, the embedded PDF may not appear. There will be a link below that you can click on to open the PDF in a different tab.

You can hop around the document by clicking on the Table of Contents, or by using the PDF's embedded ToC via the small menu icon at the top left of the embedder.