ParagNandre48/splunk-soc-detection-lab
Splunk SOC Detection Lab (Threat Hunting & Incident Monitoring)

Hands-on blue team home lab focused on:

  • Log analysis
  • Threat detection
  • SPL query development
  • Incident investigation
  • SOC monitoring workflows

Use Cases Completed

  • Brute Force Detection
  • Failed Login Monitoring
  • PowerShell Threat Detection
  • Web Attack Detection
  • IOC Threat Hunting
  • Alerting and Dashboards
  • Incident Investigation

Tools Used

  • Splunk Enterprise
  • Sysmon
  • Windows Event Logs
  • MITRE ATT&CK
  • Wireshark (planned)

Skills Demonstrated

SIEM | Threat Hunting | SPL | Log Analysis | Detection Engineering

Repository Structure

  • docs/ → Documentation, architecture diagrams and screenshots
  • detections/ → Threat detection use cases
  • spl-queries/ → SPL search queries and detections
  • dashboards/ → Monitoring dashboards
  • data/ → Sample logs and datasets
  • mitre-mapping/ → ATT&CK technique mapping
  • reports/ → Investigation findings
