Setting up SOC for monitoring of logs

NB: This post is part of the series on building a home lab

A Security Operation Center (SOC) is basically the facility where the information security team constantly monitors and analyzes the security of an organization. The main purpose of the SOC team is to detect, analyze and respond to cyber security incidents by using technology, people and processes.

This part of the series cover the setting up of the Security Operations Center (SOC) where cybersecurity events will be monitored, analyzed and responded to.

The steps involve is broken down below

• Install Ubuntu Desktop

• Setup Splunk on Ubuntu Desktop

• Optional: Installation of Splunk on Windows 10 Pro

• Optional: Setup Receiving and Index on Splunk on Windows 10

• Setup Splunk Forwarder on LAN Windows Server 2019

• Configure and test Splunk on Ubuntu Desktop