{"id":1045,"date":"2025-06-28T04:50:09","date_gmt":"2025-06-28T04:50:09","guid":{"rendered":"https:\/\/victorcoil.tech\/?page_id=1045"},"modified":"2025-07-01T04:12:18","modified_gmt":"2025-07-01T04:12:18","slug":"cloud-based-soc-automation","status":"publish","type":"page","link":"https:\/\/victorcoil.tech\/?page_id=1045","title":{"rendered":"Cloud-Based SOC Automation"},"content":{"rendered":"\n<div class=\"wp-block-group has-zeever-bgsoft-background-color has-background is-layout-constrained wp-container-core-group-is-layout-8fda3007 wp-block-group-is-layout-constrained\" style=\"padding-top:100px;padding-bottom:100px\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading has-text-align-left is-style-lineseparator zeever-animate zeever-move-right zeever-delay-1 has-zeever-primary-color has-text-color has-heading-2-font-size\">Summary and Links<\/h2>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left zeever-animate zeever-move-right zeever-delay-3 has-zeever-secondary-color has-text-color has-tiny-font-size\" style=\"font-style:normal;font-weight:500;text-transform:uppercase\">Overview and PDF\/Diagram<\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group zeever-animate zeever-move-up zeever-delay-3 is-layout-constrained wp-container-core-group-is-layout-e0c1be90 wp-block-group-is-layout-constrained\" style=\"padding-top:40px\">\n<div class=\"wp-block-columns is-layout-flex 
wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-style-customborderbottomhover zeever-animate zeever-move-up zeever-delay-1 has-background is-layout-flow wp-block-column-is-layout-flow\" style=\"background-color:#121212;padding-top:50px;padding-right:40px;padding-bottom:50px;padding-left:40px\">\n<h2 class=\"wp-block-heading has-text-align-left has-zeever-primary-color has-text-color has-heading-3-font-size\" style=\"margin-top:20px;font-style:normal;font-weight:600\">Project Brief Summary<\/h2>\n\n\n\n<p class=\"has-text-align-left has-zeever-bodytext-color has-text-color wp-block-paragraph\">&#8211; Designed and implemented an automated SOC workflow with the combination of Wazuh (XDR Solution), Shuffle (SOAR Solution), TheHive (Case Management Platform), and MISP (Threat Intelligence Platform).<br> <br>&#8211; Configured Wazuh to trigger custom alerts forwarded to Shuffle for enrichment, dissemination, and analyst-in-the-loop approval before executing remediation steps.<br> <br>&#8211; Integrated observables into TheHive for case tracking and stored in MISP for correlation and further enrichment.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-style-customborderbottomhover zeever-animate zeever-move-up zeever-delay-3 has-background is-layout-flow wp-block-column-is-layout-flow\" style=\"background-color:#121212;padding-top:50px;padding-right:40px;padding-bottom:50px;padding-left:40px\">\n<h2 class=\"wp-block-heading has-text-align-left has-zeever-primary-color has-text-color has-heading-3-font-size\" style=\"margin-top:20px;font-style:normal;font-weight:600\">Helpful Links<\/h2>\n\n\n\n<p class=\"has-text-align-left has-zeever-bodytext-color has-text-color wp-block-paragraph\">Possible Cloud Providers (They offer free credit to first-time users)<br>https:\/\/www.digitalocean.com\/<br>https:\/\/www.vultr.com\/<br><br>Shuffle (SOAR solution used)<br>https:\/\/shuffler.io\/<br><br>Sites with APIs 
Used<br>https:\/\/www.virustotal.com<br>https:\/\/www.ip2location.io\/<br>https:\/\/www.abuseipdb.com\/<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">I decided to take a different route to showcase this project compared to the others. Below is a diagram of the project workflow, and below that you will find the entire PDF of the steps I took to set it all up, as well as my reflections on future improvements, some advice, and a hiccup I ran into.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" width=\"904\" height=\"698\" src=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2.png\" alt=\"\" class=\"wp-image-1078\" srcset=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2.png 904w, https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2-300x232.png 300w, https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2-768x593.png 768w\" sizes=\"(max-width: 904px) 100vw, 904px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-zeever-bgsoft-background-color has-background is-layout-constrained wp-container-core-group-is-layout-8fda3007 wp-block-group-is-layout-constrained\" style=\"padding-top:100px;padding-bottom:100px\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading has-text-align-left is-style-lineseparator 
zeever-animate zeever-move-right zeever-delay-1 has-zeever-primary-color has-text-color has-heading-2-font-size\">Project PDF<\/h2>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left zeever-animate zeever-move-right zeever-delay-3 has-zeever-secondary-color has-text-color has-tiny-font-size\" style=\"font-style:normal;font-weight:500;text-transform:uppercase\">Documentation of the entire setup<\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group zeever-animate zeever-move-up zeever-delay-3 is-layout-constrained wp-container-core-group-is-layout-e0c1be90 wp-block-group-is-layout-constrained\" style=\"padding-top:40px\">\n<p class=\"wp-block-paragraph\">NOTE: If you are on your phone, the embedded PDF may not appear. There will be a link below that you can click on to open the PDF in a different tab.<\/p>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">You can hop around the document by clicking on the Table of Contents, or use the PDF's embedded ToC by clicking on the little menu icon at the top left of the embedded viewer.<\/p>\n\n\n\n<div data-wp-interactive=\"core\/file\" class=\"wp-block-file\" style=\"margin-top:50px;margin-right:50px;margin-bottom:50px;margin-left:50px;padding-top:50px;padding-right:0px;padding-bottom:50px;padding-left:0px\"><object data-wp-bind--hidden=\"!state.hasPdfPreview\" hidden class=\"wp-block-file__embed\" data=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/Project-CB-SOC-SOAR-TIP-2.pdf\" type=\"application\/pdf\" style=\"width:100%;height:800px\" aria-label=\"Embed of Project-CB-SOC-SOAR-TIP.\"><\/object><a id=\"wp-block-file--media-a46d9928-63b5-4315-a6cf-bcb73dc9209e\" href=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/Project-CB-SOC-SOAR-TIP-2.pdf\" target=\"_blank\" rel=\"noreferrer 
Project-CB-SOC-SOAR-TIP">
noopener\">Project-CB-SOC-SOAR-TIP<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","class_list":["post-1045","page","type-page","status-publish","hentry"]}