Posts

Showing posts from April, 2022

Deploying open-source SOC lab with red team simulation, at home. Elasticsearch Stack EDR + SIEM (Part 1)

Introduction

I've always wanted to have my own lab at home that can mimic enterprise monitoring, including EDR (Endpoint Detection and Response), SIEM (Security Information and Event Management), case management and a threat intel platform. It must be something that can be built from open source and free... Since there has been a significant upgrade to my personal workstation, I'm able to ramp up my virtualization capacity to support this endeavor. Let's gooooo!

Network & Resources Allocation

For this lab, everything will be deployed in virtual machines (VMs) on a private network, simple. These are the minimum specifications I used in this lab; you can allocate more if you have more resources.

CPU: 2 cores
Network: bridged connection, replicating the physical network connection state
Storage: 80 GB
RAM: 8 GB (for both Ubuntu VMs, I'm allocating 16 GB for better performance)

Architectural & System Design

Refer to the diagram above. We will deploy two (2) Ubuntu 20.04 Desktop a