{"id":1045,"date":"2025-06-28T04:50:09","date_gmt":"2025-06-28T04:50:09","guid":{"rendered":"https:\/\/victorcoil.tech\/?page_id=1045"},"modified":"2025-07-01T04:12:18","modified_gmt":"2025-07-01T04:12:18","slug":"cloud-based-soc-automation","status":"publish","type":"page","link":"https:\/\/victorcoil.tech\/?page_id=1045","title":{"rendered":"Cloud-Based SOC Automation"},"content":{"rendered":"\n<div class=\"wp-block-group has-zeever-bgsoft-background-color has-background is-layout-constrained wp-container-core-group-is-layout-22177b6a wp-block-group-is-layout-constrained\" style=\"padding-top:100px;padding-bottom:100px\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading has-text-align-left is-style-lineseparator zeever-animate zeever-move-right zeever-delay-1 has-zeever-primary-color has-text-color has-heading-2-font-size\">Summary and Links<\/h2>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left zeever-animate zeever-move-right zeever-delay-3 has-zeever-secondary-color has-text-color has-tiny-font-size\" style=\"font-style:normal;font-weight:500;text-transform:uppercase\">Overview and PDF\/Diagram<\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group zeever-animate zeever-move-up zeever-delay-3 is-layout-constrained wp-container-core-group-is-layout-32cee7d8 wp-block-group-is-layout-constrained\" style=\"padding-top:40px\">\n<div class=\"wp-block-columns is-layout-flex 
wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-style-customborderbottomhover zeever-animate zeever-move-up zeever-delay-1 has-background is-layout-flow wp-block-column-is-layout-flow\" style=\"background-color:#121212;padding-top:50px;padding-right:40px;padding-bottom:50px;padding-left:40px\">\n<h2 class=\"wp-block-heading has-text-align-left has-zeever-primary-color has-text-color has-heading-3-font-size\" style=\"margin-top:20px;font-style:normal;font-weight:600\">Project Brief Summary<\/h2>\n\n\n\n<p class=\"has-text-align-left has-zeever-bodytext-color has-text-color\">&#8211; Designed and implemented an automated SOC workflow with the combination of Wazuh (XDR Solution), Shuffle (SOAR Solution), TheHive (Case Management Platform), and MISP (Threat Intelligence Platform).<br> <br>&#8211; Configured Wazuh to trigger custom alerts forwarded to Shuffle for enrichment, dissemination, and analyst-in-the-loop approval before executing remediation steps.<br> <br>&#8211; Integrated observables into TheHive for case tracking and stored in MISP for correlation and further enrichment.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-style-customborderbottomhover zeever-animate zeever-move-up zeever-delay-3 has-background is-layout-flow wp-block-column-is-layout-flow\" style=\"background-color:#121212;padding-top:50px;padding-right:40px;padding-bottom:50px;padding-left:40px\">\n<h2 class=\"wp-block-heading has-text-align-left has-zeever-primary-color has-text-color has-heading-3-font-size\" style=\"margin-top:20px;font-style:normal;font-weight:600\">Helpful Links<\/h2>\n\n\n\n<p class=\"has-text-align-left has-zeever-bodytext-color has-text-color\">Possible Cloud Providers (They offer free credit to first-time users)<br>https:\/\/www.digitalocean.com\/<br>https:\/\/www.vultr.com\/<br><br>Shuffle (SOAR solution used)<br>https:\/\/shuffler.io\/<br><br>Sites with APIs 
Used<br>https:\/\/www.virustotal.com<br>https:\/\/www.ip2location.io\/<br>https:\/\/www.abuseipdb.com\/<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>I decided to take a different route to showcase this project compared to the others. Below is a diagram of the project workflow, and below that, you will find the entire PDF of the steps that I took to set it all up, as well as my reflections on future improvements, some advice, and a hiccup I ran into.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" width=\"904\" height=\"698\" src=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2.png\" alt=\"\" class=\"wp-image-1078\" srcset=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2.png 904w, https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2-300x232.png 300w, https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/SOARV1ProjectDiagram-2-768x593.png 768w\" sizes=\"(max-width: 904px) 100vw, 904px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-zeever-bgsoft-background-color has-background is-layout-constrained wp-container-core-group-is-layout-22177b6a wp-block-group-is-layout-constrained\" style=\"padding-top:100px;padding-bottom:100px\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading has-text-align-left is-style-lineseparator zeever-animate 
zeever-move-right zeever-delay-1 has-zeever-primary-color has-text-color has-heading-2-font-size\">Project PDF<\/h2>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left zeever-animate zeever-move-right zeever-delay-3 has-zeever-secondary-color has-text-color has-tiny-font-size\" style=\"font-style:normal;font-weight:500;text-transform:uppercase\">Documentation of the entire setup<\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group zeever-animate zeever-move-up zeever-delay-3 is-layout-constrained wp-container-core-group-is-layout-32cee7d8 wp-block-group-is-layout-constrained\" style=\"padding-top:40px\">\n<p>NOTE: If you are on your phone, the embedded PDF may not appear. A link below opens the PDF in a separate tab.<\/p>\n<\/div>\n\n\n\n<p>You can hop around the document by clicking on the Table of Contents, or by using the PDF's embedded ToC, which opens from the small menu icon at the top left of the embedder.<\/p>\n\n\n\n<div data-wp-interactive=\"core\/file\" class=\"wp-block-file\" style=\"margin-top:50px;margin-right:50px;margin-bottom:50px;margin-left:50px;padding-top:50px;padding-right:0px;padding-bottom:50px;padding-left:0px\"><object data-wp-bind--hidden=\"!state.hasPdfPreview\" hidden class=\"wp-block-file__embed\" data=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/Project-CB-SOC-SOAR-TIP-2.pdf\" type=\"application\/pdf\" style=\"width:100%;height:800px\" aria-label=\"Embed of Project-CB-SOC-SOAR-TIP.\"><\/object><a id=\"wp-block-file--media-a46d9928-63b5-4315-a6cf-bcb73dc9209e\" href=\"https:\/\/victorcoil.tech\/wp-content\/uploads\/2025\/07\/Project-CB-SOC-SOAR-TIP-2.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Project-CB-SOC-SOAR-TIP<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Summary and Links Overview and PDF\/Diagram Project Brief Summary 
&#8211; Designed and implemented an automated SOC workflow with the combination of Wazuh (XDR Solution), Shuffle (SOAR Solution), TheHive (Case Management Platform), and MISP (Threat Intelligence Platform). &#8211; Configured Wazuh to trigger custom alerts forwarded to Shuffle for enrichment, dissemination, and analyst-in-the-loop approval before executing remediation steps. &#8211; Integrated observables into TheHive for case tracking and stored in MISP for correlation and further enrichment. Helpful Links Possible Cloud Providers (They offer free credit to first-time users)https:\/\/www.digitalocean.com\/https:\/\/www.vultr.com\/ Shuffle (SOAR solution used)https:\/\/shuffler.io\/ Sites with APIs Usedhttps:\/\/www.virustotal.comhttps:\/\/www.ip2location.io\/https:\/\/www.abuseipdb.com\/ I decided to take a different route<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"class_list":["post-1045","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/victorcoil.tech\/index.php?rest_route=\/wp\/v2\/pages\/1045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/victorcoil.tech\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/victorcoil.tech\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/victorcoil.tech\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/victorcoil.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1045"}],"version-history":[{"count":36,"href":"https:\/\/victorcoil.tech\/index.php?rest_route=\/wp\/v2\/pages\/1045\/revisi
ons"}],"predecessor-version":[{"id":1111,"href":"https:\/\/victorcoil.tech\/index.php?rest_route=\/wp\/v2\/pages\/1045\/revisions\/1111"}],"wp:attachment":[{"href":"https:\/\/victorcoil.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}