Nation State APT (Advanced Persistent Threat) Investigation
This project documents a complete Network Security Monitoring (NSM) deployment built from open-source sensors, Suricata and Zeek running on a Raspberry Pi, feeding Splunk Enterprise on a cloud VM, to detect and analyse threats on a SOHO (small office/home office) network.
Tools & Technologies
Virtualization | Google Cloud Platform (GCP)
Operating Systems | Kali Linux (Bookworm-based), Red Hat Enterprise Linux 9 (RHEL 9)
Monitoring | Suricata (IPS/IDS), Zeek (NSM)
SIEM | Splunk Enterprise, Splunk Security Essentials
Utilities | Nmap, Wireshark, TCPdump
Integrations | Corelight, Stamus
Lab Architecture
Raspberry Pi: Kali Linux with dual NICs (WAN and LAN) sitting inline between the upstream router and the LAN, running Suricata, Zeek and a Splunk forwarder
Google Cloud VM: RHEL9 running Splunk Enterprise
Splunk Forwarders: Deployed across hosts for centralized log ingestion
Key Objectives
Design a secure SOHO network architecture
Deploy Suricata for signature-based threat detection and, in IPS mode, blocking
Use Zeek for behavioral traffic analysis
Centralize logs in Splunk and build dashboards
Analyze alerts and correlate events
Apply Linux admin skills and scripting
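The objectives above end in correlating Suricata alerts with Zeek's behavioural record. The script below, added to this write-up as an illustration rather than code from the project, joins an eve.json alert to the Zeek conn.log entry with the same 5-tuple whose lifetime covers the alert time, then scans conn.log for regularly spaced outbound connections, the shape a C2 beacon leaves behind. All log lines are constructed samples; the signature ID is a local-rule number picked for the sample, and the only assumptions about the real tools are the documented Suricata EVE alert fields and the Zeek conn.log TSV layout.

```python
"""Correlate Suricata EVE alerts with Zeek conn.log and flag beacon-like
connection patterns. Added example; not code from the project."""
import json
from collections import defaultdict
from datetime import datetime

# Constructed Zeek conn.log excerpt (abbreviated #fields header).
ZEEK_CONN = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    "1700000000.100000\tCabc1\t192.168.1.20\t51000\t203.0.113.7\t443\ttcp\tssl\t0.900000\t512\t1024\tSF\n"
    "1700000060.200000\tCabc2\t192.168.1.20\t51001\t203.0.113.7\t443\ttcp\tssl\t0.800000\t520\t1030\tSF\n"
    "1700000120.150000\tCabc3\t192.168.1.20\t51002\t203.0.113.7\t443\ttcp\tssl\t0.950000\t515\t1020\tSF\n"
    "1700000180.300000\tCabc4\t192.168.1.20\t51003\t203.0.113.7\t443\ttcp\tssl\t0.850000\t518\t1028\tSF\n"
    "1700000050.000000\tCdef1\t192.168.1.30\t40000\t198.51.100.9\t80\ttcp\thttp\t2.000000\t300\t9000\tSF\n"
)

# Constructed eve.json lines; SID 1000001 is a local-rule number chosen for
# this sample, not a published rule. The second line is a non-alert event.
SURICATA_EVE = (
    '{"timestamp":"2023-11-14T22:14:20.300000+0000","event_type":"alert",'
    '"src_ip":"192.168.1.20","src_port":51001,"dest_ip":"203.0.113.7",'
    '"dest_port":443,"proto":"TCP","alert":{"signature_id":1000001,'
    '"signature":"LAB TLS to watchlist host","severity":2}}\n'
    '{"timestamp":"2023-11-14T22:14:10.000000+0000","event_type":"flow",'
    '"src_ip":"192.168.1.30","src_port":40000,"dest_ip":"198.51.100.9",'
    '"dest_port":80,"proto":"TCP"}\n'
)


def parse_zeek_tsv(text):
    """Parse a Zeek TSV log using its #fields header into a list of dicts."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def parse_eve_alerts(text):
    """Keep only event_type == alert from an eve.json stream."""
    events = (json.loads(l) for l in text.splitlines() if l.strip())
    return [e for e in events if e.get("event_type") == "alert"]


def correlate(conns, alerts, slack=1.0):
    """Match each alert to the conn with the same 5-tuple whose lifetime
    covers the alert time; ephemeral-port reuse makes the tuple alone unsafe."""
    index = defaultdict(list)
    for c in conns:
        index[(c["id.orig_h"], int(c["id.orig_p"]), c["id.resp_h"],
               int(c["id.resp_p"]), c["proto"].lower())].append(c)
    hits = []
    for a in alerts:
        key = (a["src_ip"], a["src_port"], a["dest_ip"], a["dest_port"], a["proto"].lower())
        # Suricata timestamps look like 2023-11-14T22:14:20.300000+0000
        t = datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()
        match = next((c for c in index.get(key, [])
                      if float(c["ts"]) - slack <= t <= float(c["ts"]) + float(c["duration"]) + slack), None)
        hits.append({"sid": a["alert"]["signature_id"], "signature": a["alert"]["signature"],
                     "uid": match["uid"] if match else None,
                     "service": match["service"] if match else None,
                     "orig_bytes": int(match["orig_bytes"]) if match else None})
    return hits


def beacon_candidates(conns, min_conns=4, max_jitter=0.2):
    """Group by (orig_h, resp_h, resp_p) and report groups whose inter-arrival
    times are nearly constant: the classic footprint of periodic C2 check-ins."""
    groups = defaultdict(list)
    for c in conns:
        groups[(c["id.orig_h"], c["id.resp_h"], c["id.resp_p"])].append(float(c["ts"]))
    found = []
    for key, times in groups.items():
        if len(times) < min_conns:
            continue
        times.sort()
        deltas = [b - a for a, b in zip(times, times[1:])]
        mean = sum(deltas) / len(deltas)
        if mean > 0 and max(abs(d - mean) for d in deltas) / mean <= max_jitter:
            found.append((key, round(mean, 1), len(times)))
    return found
```

In the sample, the alert resolves to Zeek uid Cabc2 (an ssl session with 520 bytes sent), and the same host shows four TLS connections to 203.0.113.7 at a steady 60-second period, which is the pivot an analyst would take from the alert into the rest of conn.log and ssl.log. In Splunk the same join is a search on the 5-tuple across the Suricata and Zeek sourcetypes; the Python form is useful for offline triage of exported logs.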
Skills Demonstrated
Computer programming
Network architecture design & isolation
Traffic capture & analysis
IDS/IPS rule and sensor tuning so the node processes every packet with no capture drops
Zeek log interpretation (conn, dns, http, ssl, weird)
Splunk admin, search queries, and SIEM data management
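"No drops" is a claim that should be verified from the sensors' own telemetry rather than assumed from the config. The check below is an added example for this write-up, not code from the project: it reads Suricata's EVE stats events (the capture.kernel_packets and kernel_drops counters are cumulative, so a burst of drops only shows in the delta between consecutive events) and Zeek's capture_loss.log (whose percent_lost column is already a percentage) and fails the node if any interval loses more than a threshold. The log lines are constructed samples; the third Suricata interval and second Zeek interval are deliberately bad so the failure path is exercised.

```python
"""Per-interval capture-loss check for a Suricata + Zeek sensor.
Added example; not code from the project."""
import json

# Constructed EVE stats events, one per stats interval (cumulative counters).
EVE_STATS = (
    '{"event_type":"stats","stats":{"uptime":600,"capture":{"kernel_packets":6000000,"kernel_drops":1200}}}\n'
    '{"event_type":"stats","stats":{"uptime":1200,"capture":{"kernel_packets":12000000,"kernel_drops":2400}}}\n'
    '{"event_type":"stats","stats":{"uptime":1800,"capture":{"kernel_packets":18000000,"kernel_drops":302400}}}\n'
)

# Constructed Zeek capture_loss.log; percent_lost is gaps/acks as a percentage,
# i.e. the share of ACKed data Zeek never saw on the wire.
ZEEK_CAPTURE_LOSS = (
    "#fields\tts\tts_delta\tpeer\tgaps\tacks\tpercent_lost\n"
    "1700000900.000000\t900.000000\tzeek\t12\t480000\t0.0025\n"
    "1700001800.000000\t900.000000\tzeek\t900\t510000\t0.176471\n"
)


def suricata_drop_percent(text):
    """Kernel drop percentage per interval, from deltas of consecutive stats events."""
    prev, out = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "stats":
            continue
        cap = ev["stats"]["capture"]
        cur = (cap["kernel_packets"], cap["kernel_drops"])
        if prev is not None:
            d_pkts, d_drops = cur[0] - prev[0], cur[1] - prev[1]
            out.append(100.0 * d_drops / d_pkts if d_pkts else 0.0)
        prev = cur
    return out


def zeek_loss_percent(text):
    """percent_lost column of each capture_loss.log row, in file order."""
    fields, out = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            out.append(float(dict(zip(fields, line.split("\t")))["percent_lost"]))
    return out


def capture_health(suricata_pcts, zeek_pcts, max_percent=0.1):
    """Fail the node if any interval from either sensor exceeds max_percent loss."""
    problems = []
    for i, p in enumerate(suricata_pcts):
        if p > max_percent:
            problems.append("suricata interval %d: %.2f%% kernel drops" % (i, p))
    for i, p in enumerate(zeek_pcts):
        if p > max_percent:
            problems.append("zeek interval %d: %.3f%% capture loss" % (i, p))
    return {"ok": not problems, "problems": problems}


if __name__ == "__main__":
    health = capture_health(suricata_drop_percent(EVE_STATS),
                            zeek_loss_percent(ZEEK_CAPTURE_LOSS))
    print("OK" if health["ok"] else "\n".join(health["problems"]))
```

On the sample data the first two Suricata intervals run at 0.02% drops and the third jumps to 5%, while Zeek reports 0.18% loss in its second window, so the check fails with two findings. Sustained kernel drops on an AF_PACKET sensor usually point at too few capture threads or too small a ring buffer for the interface's traffic rate, which is the tuning that the skills list above refers to; Zeek's capture_loss.log is the independent cross-check that the tuning actually took effect.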
Step-by-step documentation with screenshots available upon request.