Your Personal Cybersecurity Consultant
SOC Automation project part one
Today, I learned how to create a pretty neat diagram of a home lab. I will use this diagram to design my home lab in order to gain more experience in SOC Automation. How cool is it to be able to visually show how the data flows?
In this example, I will be using Wazuh, Inc. as my SIEM and XDR, TheHive Project as my case management and Shuffle as my SOAR.
I've had great experience using Wazuh, Inc., and being able to add it to an awesome workflow brings out the geek in me. I love learning!
How does this diagram work? What does it mean?
Briefly, a Wazuh agent is installed on a Windows 10 client. The Wazuh Manager receives events from the Wazuh agent and sends alerts to Shuffle. Shuffle uses open source intelligence to enrich the indicators of compromise and sends the alerts to our case management, TheHive. Shuffle then emails the SOC analyst with details about the alert and asks what action(s) need to be taken, if any. The action(s) are sent back to Shuffle, which forwards them to the Wazuh Manager. The Wazuh Manager instructs the Wazuh agent to perform the action(s).
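To make the data flow in the diagram concrete, here is an added example (not part of the original post or of any of the three projects) that models the Shuffle stage offline: it takes a constructed Wazuh-style alert, pulls out the file hash indicator, enriches it against a constructed reputation table standing in for the OSINT lookup, shapes a case-management payload, and turns the analyst's decision into an active response request for the manager. The alert field layout follows Wazuh's alerts.json for a Sysmon process-creation event; the case payload field names, the response command names and all values are assumptions.

```python
# Constructed Wazuh-style alert; field names follow Wazuh's alerts.json layout for a
# Sysmon process-creation event, but the agent, rule and hash values are made up.
SAMPLE_SHA256 = "0f" * 32  # constructed indicator
SAMPLE_ALERT = {
    "rule": {"id": "100002", "level": 12, "description": "Suspicious process launched"},
    "agent": {"id": "001", "name": "WIN10-CLIENT"},
    "data": {"win": {"eventdata": {
        "image": "C:\\Users\\lab\\Downloads\\tool.exe",
        "hashes": f"SHA1=1111,MD5=2222,SHA256={SAMPLE_SHA256},IMPHASH=3333",
    }}},
}

# Constructed stand-in for the OSINT service Shuffle would query for enrichment.
REPUTATION = {SAMPLE_SHA256: "malicious"}


def extract_sha256(alert):
    """Parse Sysmon's 'ALG=hash,ALG=hash' string and return the SHA256, or None."""
    hashes = alert["data"]["win"]["eventdata"]["hashes"]
    pairs = dict(part.split("=", 1) for part in hashes.split(",") if "=" in part)
    return pairs.get("SHA256")


def enrich(sha256):
    """Enrichment step: look the indicator up; anything unseen stays 'unknown'."""
    return REPUTATION.get(sha256, "unknown")


def build_case(alert, sha256, verdict):
    """Shape the enriched alert for case management (TheHive-like; field names assumed)."""
    return {
        "title": alert["rule"]["description"],
        "sourceRef": f"wazuh-{alert['rule']['id']}-{alert['agent']['id']}",
        "severity": 3 if verdict == "malicious" else 2,
        "observables": [{"dataType": "hash", "data": sha256, "tags": [f"osint:{verdict}"]}],
    }


def response_for(decision, alert):
    """Map the analyst's e-mailed decision to an active response request for the manager.
    Command names are hypothetical; 'none' means the analyst chose to take no action."""
    if decision == "none":
        return None
    commands = {"isolate": "isolate-host", "kill": "kill-process"}  # hypothetical mapping
    return {"agents_list": [alert["agent"]["id"]], "command": commands[decision]}


def run_workflow(alert, decision):
    """Run the Shuffle stage end to end: enrich, build the case, translate the decision."""
    sha256 = extract_sha256(alert)
    case = build_case(alert, sha256, enrich(sha256))
    return case, response_for(decision, alert)
```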
If you have experience with drafting diagrams, I'm open to learning more.
I'm following along with MyDFIR's awesome SOC Automation Project on YouTube. This is part one of the series. Check it out to learn more. MyDFIR SOC Automation Project Part One