This project is a fully containerized, advanced Security Operations Center (SOC) simulation and response platform. It integrates a SIEM module (using Wazuh and the Elastic Stack), a SOAR module (using TheHive and Cortex), and advanced threat hunting capabilities, all orchestrated with Docker for a production-grade deployment.

- SIEM Engine: Collects, parses, and analyzes logs in real time.
- SOAR Automation: Automates incident enrichment, analysis, and response.
- Threat Hunting: Provides dynamic dashboards with MITRE ATT&CK integration.
- Simulated Attacks: Generates controlled incidents for training and testing.
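To make the SIEM-to-SOAR handoff described above concrete, here is an added example of the flow in miniature; it is not code from this project. It parses sshd auth log lines, detects a failed-login burst per source IP, tags the finding with the MITRE ATT&CK technique for brute force (T1110), and shapes it as an alert record for a SOAR tool. The log lines are constructed samples, the threshold and window are assumed tuning values, and the alert dict is a simplified illustration of an alert payload, not TheHive's actual schema.

```python
"""Added example (not project code): a minimal SIEM -> SOAR pipeline.

Parse auth log lines, detect a failed-login burst, map it to a MITRE
ATT&CK technique, and shape the finding as an alert record.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a syslog-like auth.log format (assumed hosts, users, IPs)
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 5501 ssh2
2024-05-01T10:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.7 port 5502 ssh2
2024-05-01T10:00:04 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 5503 ssh2
2024-05-01T10:00:06 host1 sshd[1204]: Failed password for root from 203.0.113.7 port 5504 ssh2
2024-05-01T10:00:07 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 5505 ssh2
2024-05-01T10:00:09 host1 sshd[1206]: Accepted password for root from 203.0.113.7 port 5506 ssh2
2024-05-01T10:05:00 host1 sshd[1300]: Failed password for alice from 198.51.100.4 port 6001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Parse one sshd auth line into a normalized event, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "user": m["user"],
        "src_ip": m["ip"],
        "outcome": m["outcome"].lower(),
    }


def parse_log(text):
    """Parse a whole log text, silently skipping lines that do not match."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def detect_bruteforce(events, threshold=5, window_s=60):
    """Flag source IPs with at least `threshold` failures inside `window_s` seconds.

    Also records whether a success followed the burst, which suggests a
    credential was actually guessed. Threshold/window are assumed tuning values.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["src_ip"]].append(e)
    findings = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["outcome"] == "failed"]
        for i in range(len(fails) - threshold + 1):
            window = fails[i:i + threshold]
            if (window[-1]["ts"] - window[0]["ts"]).total_seconds() <= window_s:
                later_success = any(
                    e["outcome"] == "accepted" and e["ts"] >= window[-1]["ts"] for e in evs
                )
                findings.append({
                    "src_ip": ip,
                    "host": evs[0]["host"],
                    "failures": len(fails),
                    "users": sorted({e["user"] for e in fails}),
                    "followed_by_success": later_success,
                    "technique": "T1110",  # MITRE ATT&CK: Brute Force
                    "first_seen": window[0]["ts"].isoformat(),
                })
                break  # one finding per source IP
    return findings


def build_alert(f):
    """Shape a finding as a simplified alert record for a SOAR handoff.

    Illustrative structure only; this is not TheHive's actual alert schema.
    """
    severity = 3 if f["followed_by_success"] else 2
    return {
        "title": f"SSH brute force from {f['src_ip']} on {f['host']}",
        "severity": severity,
        "tags": [f"attack:{f['technique']}", "source:sshd"],
        "observables": [{"type": "ip", "value": f["src_ip"]}]
                      + [{"type": "user", "value": u} for u in f["users"]],
        "summary": f"{f['failures']} failed logins, success followed: {f['followed_by_success']}",
    }


def run_pipeline(text=SAMPLE_LOG):
    """Collect -> parse -> detect -> alert, end to end."""
    return [build_alert(f) for f in detect_bruteforce(parse_log(text))]


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

In a real deployment the parsing is done by Wazuh decoders, the detection by Wazuh rules or Elastic detection rules, and the alert is posted to TheHive for Cortex analyzers to enrich; the example only shows the data shapes that move between those stages and why a burst followed by a success deserves a higher severity than the burst alone.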

Please follow the detailed documentation in the docs/ folder for environment setup, module configuration, and advanced integration.