Project Overview
As part of the 30-Day MyDfir SOC Analyst Challenge, I kicked off my journey by building a logical diagram of a hypothetical security operations center (SOC) environment. This diagram serves as a foundational blueprint, illustrating the interactions and data flow between various components.
Key Objectives
- Gain hands-on experience in creating logical diagrams.
- Understand the fundamental structure of a SOC environment.
- Visualize the data flow and interactions between different components.
Process and Methodology
- Cloud Provider Selection: I chose Vultr as the cloud provider for this project.
- Server Creation: I created icons representing the different servers in the environment: Elastic & Kibana, Windows Server, Ubuntu Server, Fleet Server, osTicket Server, and a C2 Server.
- Connection Establishment: Arrows were used to depict the connections between these servers, symbolizing data flow and interactions.
Key Components and Interactions
- Elastic & Kibana: This server acts as a central hub for data analysis and visualization.
- Windows Server: A traditional server running the Windows operating system.
- Ubuntu Server: A Linux-based server with SSH enabled for remote access.
- Fleet Server: A server responsible for managing and monitoring the agents on the other servers.
- osTicket Server: A server used for managing and tracking security incidents as tickets.
- C2 Server: A command-and-control server representing the attacker's infrastructure, used for malicious activity against the environment.
Data Flow
- Logs: Logs from the Windows and Ubuntu servers are forwarded to Elastic & Kibana for analysis.
- Management: The Fleet Server manages and monitors the other servers.
- Incident Tickets: Security incidents are tracked and managed on the osTicket Server.
Conclusion
This project provided me with valuable insights into the structure of a SOC environment and the importance of logical diagrams in visualizing data flow. By understanding these concepts, I’m well-prepared to tackle more complex challenges in the upcoming days of the challenge.