Soc Open Source is a Project Designed for Security Analysts and all SOC audiences who wants to play with implementation and explore the Modern SOC architecture. All of the components are used based on Open Source Projects(Available at the time of first commit). This is Part-1, we will show the base of the model with ELK, TheHive- Cortex-MISP and we will use some dummy data to ingest in ELK. In coming up episodes, we will include more data sources to ELK- Wazuh, Snort, Honeypot and Also we will integrate Atomic Red Team to ELK for Attack Simulation. We will also show how can you automate your flows with Shuffle. So watch this space out! This Project serves below usecases: 👉Collect Data to a Single Place. 👉Normalize and Parse Data 👉Visualize Data and prepare meaningful Security Analytics 👉Create Incidents/Cases out of Security Alerts identified based on collected data/logs 👉Automate process of Threat Hunt, Creation of actionable Playbooks, SOC data Analytics 👉Automate the process of analysis observables they have collected, at scale, by querying a single tool instead of several 👉Actively respond to threats and interact with the constituency and other teams 👉Enrich Data feeds with Open Source Threat Intelligence Platform In this episode, I will cover from scratch how can you install all of the components- Elastic Stack, TheHive, Cortex, MISP and will also show how can you integrate all of these components with each other. This Project can be used to any small/big organizations who wants to create their SOC Set up using Open Source Tools, also by any Security Analysts, Engineers who wants to build a SOC Lab which has all of the components- SIEM, Case Management, Threat Intel Platform, Threat Hunt & Analytics capability and lot more. You will find similar kind of projects online but this is the FIRST TIME we are showing everything bundled up and with full working condition. Just follow along the tutorial to get a high level overview of the end product and get started from the Git Repo Below. 🔗LINKs for your requirements- ------------------------------------------------------------------------------------------------------------------------- 1. Project- github.com/archanchoudhury/SO... WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!! ------------------------------------------------------------------------------------------------------------------------- INCIDENT RESPONSE TRAINING Full Course 👉kzbin.info/aero/PLj... DFIR Free Tools and Techniques 👉 kzbin.info/aero/PLj... Windows and Memory Forensics 👉 kzbin.info/aero/PLj... Malware Analysis 👉 kzbin.info/aero/PLj... SIEM Tutorial 👉 kzbin.info/aero/PLj... Threat Hunt & Threat Intelligence 👉 kzbin.info/aero/PLj... ⌚ Timelines ------------------------------------------------------------------------------------------------------------------------- 0:00 ⏩ Introduction 1:28 ⏩ Architecture Overview 8:40 ⏩ Overview of the full setup 22:12 ⏩ Install the components 41:30 ⏩ Integrate the components 48:01 ⏩ Summarize 📞📲 FOLLOW ME EVERYWHERE- ------------------------------------------------------------------------------------------------------------------------- ✔ LinkedIn: www.linkedin.com/company/blac... ✔ You can reach out to me personally in LinkedIn as well- bit.ly/38ze4L5 ✔ Twitter: @blackperl_dfir ✔ Git: github.com/archanchoudhury ✔ Insta: (blackperl_dfir)instagram.com/blackperl_d... ✔ Can be reached via archan.fiem.it@gmail.com SUPPORT BLACKPERL ------------------------------------------------------------------------------------------------------------------------- ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ ➡ SUBSCRIBE, Share, Like, Comment ☕ Buy me a Coffee 👉 www.buymeacoffee.com/BlackPerl 📧 Sponsorship Inquiries: archan.fiem.it@gmail.com ------------------------------------------------------------------------------------------------------------------------- 🙏 Thanks for watching!! Be CyberAware!! 🤞

Great guru dev ... Esa content koi. Nhi deta but aap aache se share kr dete ho ...💥💥🙌🙌🙌🙌🙌🙌🙌🙌🙌🙌🙌🙌🙌🙌 thanks 😊

Finally someone take the initiative!!!

Thank you so much vai bahat helpfull video oll in soliusation thank you so much brother

Can we install the same setup in local machine in virtual box or VMware ?

What VM requierements do i need?

Can I get thoughts on doing this versus something like Security Onion. Hive and Cortex used to be part of SO, until Hive changed their licensing.

Thanks excellent ,informative lecture

I have set up as documented but when start service thehive is still running but no port 9000 appears

Your video is fantastic, but with the end of the thehive open source project, and with your new stragebee licensing for version 5 of Thehive where you have limitations on community license, what alternative and recommendation for a soc project. Tell me about this.

Great video tutorial and works perfectly, unfortunately for webhook connector in elk you need a subscription to activate it or do you have another tutorial to activate it without subscription?

at the connector stage of elasticsearch-thehive webhook gives the error [404] Not Found: /api/cases please help me

can you please make a video how can i install cortex on ubuntu. I tried so many times and i installed it on my machine but when i run it on browser on port 9001 than it show connection closed. Can you please help?

Thank you very much for sharing this!

Thanks for the great content. I have a question , we can create alerts and rules only with paid version of elasticstack, any way to use it for free even after free trial ends?

Hi, Is there any video how to install SIEM tool on windows or ubuntu from scratch? I can't find a good video to install it, anyone would like to help. Thank you

sir i want to connect filebeat to misp . sir is there are possible way or tutorial to archived that target

What about the hardware if I want to build for enterprise 500+ users

do you think this project is a good open-source alternative to splunk?

can you achieve this setup on a local machine using oracle virtual box instead of aws?

can i replace elastic siem with wazuh?

The docker compost file is not available anymore! Could you upload it again?

H, Archan! To create connectors for the hive, a license is required for the elasticsearch, right?

Hello, i have a problem for bringing the hive instance up. There is a weird error that i cant solve can you help me with this problem?

Have you changed the link of ELK compose it is 404 not found

hey, how much RAM and HDD are required for each of the components ?

in my elasticsearchnyml file securty is enabled, after that i am not able to open cortex web interface . It is showing elasticsearch connection refused

Hi BlackPerl. Thanks for the great content. I have a question for you. Can I run this project only on one instance in AWS? Let's say on t3a.xlarge?

Thanks for this amazing video, just a quick help required, not able to find the ELK yml code on your git repository

Hello, Do you have a latest version of GitHub for open source soc solution ?

Hi Sir, I have stuck between cortex and the hive setup can you pls send us a document for implementing this server.

how many ressource i need to run this project ( 16 RAM good ? )

link to download elasticsearch and kibana docker is not working, error 404

sir is it offline or online ????

How do you manage the upgrades and least storage consumption without impacting performance? Another thing is since Elasticsearch has to be a subscribed one, it's no longer open source anymore.

is there any part where we need credit card details or pay for something

Hi Archan, I'm trying to assemble the Elastic SIEM solution in my local environment, but I'm having difficulties making the integrations because the opensource version doesn't support connectors. Is there any way I can generate these alerts and integrations for free?

Excellent thanks! Could you activate the automatic subtitles option in this video?

Interestting topic but it would be interessting to include an open source NGFW ( next generation firewall)

Sir can you let us know how to configure cortex?

Hi BlackPerl, this video is amazing.. and i installed and configured the ELK, thehive, cortex, and MISP, now i can able to create automatic ticket in thehive but cortex and MISP part is not working.. i am not get alert.. i am struggling more than 20days..Kindly help me ASAP

nice tutorial. deeply described. Why dont you include Wazuh in it??

how enable ssl in cortex

Great content ! Many thanks !

Nice video, how do we install it all? Step by step instructions?

buddy watched the whole video now ..can you make another video where u ingest malicious test data to elastic and show the flow among other products...please

sir can i send theHive alerts to opencti

bro, why Installation Guide pages is different with this videos? 😄

Great content. Thank you. I keep getting a " ERROR 404: Not Found." error everytime i try to download the "docker-compose.yml" file.

i believe this is outdated. any chance to update this ?

Good one mate

I was waiting for a full tutorial on Elastic and installing all of this. Too bad you are skipping this part

to create rules in ELK it is not free

Archan you are champ!!!!

please share the github link

please enable subtitle @@

nice

great!

Make a video of obj/streams in pdf in Hindi.

👍👍👍👍

Honestly whatever you have shown in the video is not there in the repository. Its dubious and misleading. Sorry to say this.

ELK isn't 💯 open source