SOC Monitoring Lab · HYC 412
A practical security operations lab focused on monitoring, alerting, and evolving toward modern enterprise architecture including XDR, AI-assisted analysis, governance, and hybrid cloud design.
Wazuh, Syslog, and API-based ingestion pipeline.
FastAPI backend with PostgreSQL and rule-based alert engine.
SIEM concepts extended toward XDR integration.
AI-assisted analysis and enterprise governance design.
Structured alert generation from log data.
Filtering and investigation workflow.
Designed for AI, XDR, and cloud integration.
A visual concept of the SOC console experience, focused on alert visibility, log analysis, and investigation workflow.
Logs Ingested: 12,480 (last 24 hours)
Alerts: 36 (severity-based detection)
Rules Active: 8 (pipeline monitoring)
Ingest authentication logs via Wazuh, normalize events, and trigger alerts when abnormal login patterns are detected.
Analysts query alerts using filter-based APIs to identify source, severity, and event patterns for rapid triage.
Extend alerts with AI-generated summaries and classification to reduce investigation time and improve response accuracy.
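The ingest, normalize, alert and filter steps described above, as an added example rather than the lab's own code. It is written in Python because the lab's backend is FastAPI, but it deliberately stays at the engine layer so it runs offline: the Wazuh-style JSON field names (timestamp, decoder.name, agent.name, data.srcip, data.dstuser, rule.description), the two rules, their thresholds, and the sample records are all assumptions or constructed data, not the lab's real schema or traffic. The second rule (a success that follows a burst of failures from the same source) is the escalation a triage analyst most wants surfaced, and the filter function stands in for the filter-based API query.

```python
"""Rule-based alert engine over normalized authentication events.

Added example, not the lab's own code. Field names in the constructed
Wazuh-style records below (timestamp, decoder.name, agent.name, data.srcip,
data.dstuser, rule.description) are an assumption about the ingested format.
"""
import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class AuthEvent:            # one normalized login attempt
    ts: datetime
    source_ip: str
    user: str
    success: bool


@dataclass
class Alert:
    rule: str
    severity: str           # low / medium / high
    source_ip: str
    user: str
    first_seen: datetime
    last_seen: datetime
    count: int              # events that contributed to the alert


def normalize(raw: str) -> Optional[AuthEvent]:
    """Map one raw JSON alert line to an AuthEvent; non-sshd records are skipped."""
    rec = json.loads(raw)
    if rec.get("decoder", {}).get("name") != "sshd":
        return None
    desc = rec["rule"]["description"].lower()
    return AuthEvent(ts=datetime.fromisoformat(rec["timestamp"]),
                     source_ip=rec["data"]["srcip"], user=rec["data"]["dstuser"],
                     success="accepted" in desc)


def rule_failed_login_burst(events: Iterable[AuthEvent], threshold: int = 5,
                            window: timedelta = timedelta(minutes=5)) -> List[Alert]:
    """Medium: one source reaches `threshold` failures inside a sliding window."""
    fails = defaultdict(list)
    for e in events:
        if not e.success:
            fails[e.source_ip].append(e)
    alerts = []
    for src, evs in fails.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end, e in enumerate(evs):
            while e.ts - evs[start].ts > window:    # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(Alert("ssh_failed_login_burst", "medium", src, e.user,
                                    evs[start].ts, e.ts, end - start + 1))
                break                                # one alert per source
    return alerts


def rule_success_after_failures(events: Iterable[AuthEvent], min_failures: int = 3,
                                window: timedelta = timedelta(minutes=10)) -> List[Alert]:
    """High: a success from a source that just failed repeatedly (likely guessed credential)."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.source_ip].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        recent = []                                  # failures still inside the window
        for e in evs:
            recent = [f for f in recent if e.ts - f.ts <= window]
            if not e.success:
                recent.append(e)
                continue
            if len(recent) >= min_failures:
                alerts.append(Alert("ssh_success_after_failures", "high", src, e.user,
                                    recent[0].ts, e.ts, len(recent) + 1))
            recent = []                              # a success resets the streak
    return alerts


def run_rules(raw_lines: Iterable[str]) -> List[Alert]:
    """Ingest -> normalize -> evaluate every rule; this is the alert-generation step."""
    events = [e for e in map(normalize, raw_lines) if e is not None]
    return rule_failed_login_burst(events) + rule_success_after_failures(events)


def filter_alerts(alerts: Iterable[Alert], severity: Optional[str] = None,
                  source_ip: Optional[str] = None, rule: Optional[str] = None) -> List[Alert]:
    """The filter-based query an analyst would issue through the API layer."""
    return [a for a in alerts
            if (severity is None or a.severity == severity)
            and (source_ip is None or a.source_ip == source_ip)
            and (rule is None or a.rule == rule)]


def _rec(ts, ip, user, desc, decoder="sshd"):
    """Build one constructed Wazuh-style JSON line (sample data, not real traffic)."""
    return json.dumps({"timestamp": ts, "agent": {"name": "web-01"},
                       "decoder": {"name": decoder}, "rule": {"description": desc},
                       "data": {"srcip": ip, "dstuser": user}})


FAIL, OK = "sshd: authentication failed", "sshd: authentication accepted"
SAMPLE_LOGS = (
    [_rec(f"2024-01-15T10:00:{s:02d}+00:00", "203.0.113.7", "admin", FAIL) for s in (0, 20, 40)]
    + [_rec(f"2024-01-15T10:01:{s:02d}+00:00", "203.0.113.7", "admin", FAIL) for s in (0, 20, 40)]
    + [_rec("2024-01-15T10:02:00+00:00", "203.0.113.7", "admin", OK),         # success after burst
       _rec("2024-01-15T10:03:00+00:00", "198.51.100.9", "alice", FAIL),      # one mistyped password
       _rec("2024-01-15T10:03:30+00:00", "198.51.100.9", "alice", "pam: session opened", "pam")]
)
```

Running `run_rules(SAMPLE_LOGS)` yields two alerts for 203.0.113.7 (a medium burst and a high success-after-failures) and nothing for 198.51.100.9, whose single failure is below every threshold; `filter_alerts(..., severity="high")` returns just the escalation. The thresholds are the knobs a SOC tunes per environment; in the lab they would live in the PostgreSQL rule table rather than as defaults here.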
Security Engineer focused on SOC monitoring, cloud architecture, and AI-driven security operations, bridging traditional infrastructure experience with modern security and data-driven approaches.
For collaboration, technical discussion, or opportunities, feel free to reach out.