Lab Architecture

CyberWasp enterprise-style SOC environment

Built to simulate how a Tier 1 analyst monitors endpoints, validates alerts, and investigates suspicious activity across Windows and Linux systems.

Machine Roles

Structured to mirror a small company network

CW-SIEM-WAZUH-01 (192.168.100.30)
Central SIEM platform used for log visibility, alerting, and analyst investigations.

CW-HR-WIN-01 (192.168.100.20)
Primary Windows endpoint representing a business workstation and key source of security telemetry.

CW-SRV-UBU-01 (192.168.100.40)
Internal Linux server used to extend monitoring beyond Windows and practice cross-platform analysis.

ATTACK-KALI-01 (192.168.100.50)
Adversary simulation system used to generate realistic attack traffic and evidence for investigation.

Build Process

What was implemented

  • Imported and configured Wazuh OVA as the central monitoring platform
  • Built a structured internal network on 192.168.100.0/24
  • Configured static addressing for controlled, predictable traffic analysis
  • Validated connectivity between attacker, target, server, and SIEM systems
  • Prepared the environment for agent deployment, detection, and reporting
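As an added example (not part of the original build notes), the script below checks the static addressing plan from the architecture above and probes the Wazuh manager's default agent ports from the analyst's machine. Host names and addresses come from this page; the port numbers are Wazuh defaults (1514 agent events, 1515 enrollment) and the timeout is an assumption.

```python
"""Sanity checks for the CyberWasp lab addressing plan and SIEM reachability."""
import ipaddress
import socket

LAB_NET = ipaddress.ip_network("192.168.100.0/24")

# Inventory taken from the lab architecture page.
HOSTS = {
    "CW-SIEM-WAZUH-01": "192.168.100.30",
    "CW-HR-WIN-01": "192.168.100.20",
    "CW-SRV-UBU-01": "192.168.100.40",
    "ATTACK-KALI-01": "192.168.100.50",
}
SIEM = "CW-SIEM-WAZUH-01"
# Default Wazuh manager ports an enrolled agent must reach (assumed defaults).
AGENT_PORTS = (1514, 1515)


def check_plan(hosts=HOSTS, net=LAB_NET):
    """Return a list of addressing problems; an empty list means the plan is sound."""
    problems = []
    seen = {}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: {addr} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {addr} is a reserved network/broadcast address")
        if addr in seen:
            problems.append(f"{name}: {addr} duplicates {seen[addr]}")
        seen.setdefault(addr, name)
    if SIEM not in hosts:
        problems.append(f"no SIEM host named {SIEM} in inventory")
    return problems


def port_open(addr, port, timeout=1.0):
    """TCP connect test from this machine; True if the port answers in time."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def manager_ports_reachable(hosts=HOSTS):
    """Probe the manager's agent ports from wherever this script runs."""
    return {port: port_open(hosts[SIEM], port) for port in AGENT_PORTS}


if __name__ == "__main__":
    print("plan problems:", check_plan() or "none")
    print("manager ports:", manager_ports_reachable())
```

Run it from each endpoint rather than only from the SIEM, since the agent-to-manager path is what the data flow depends on.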

SOC Data Flow

ATTACK-KALI-01 -> CW-HR-WIN-01 / CW-SRV-UBU-01 -> CW-SIEM-WAZUH-01 -> Alert triage, evidence review, reporting

Skills Demonstrated

Technical depth shown through the build

  • SIEM deployment
  • VirtualBox configuration
  • Static IP addressing
  • Windows monitoring
  • Linux administration
  • Network troubleshooting
  • Alert visibility planning
  • Environment hardening