In Episode 8 of our cyber security virtual lab building series, we set the stage and some future goals as to where we are heading with this series. We briefly recap the first 7 videos, showcasing OPNSense and introduce both blue team and read team cyber security operations into our lab.
For our cybersecurity blue team, we will building a Security Operations Center (SOC) and setup Wazuh as a SIEM (Security Incident & Event Management) platform, integrating in The HIVE, a SIRP (Security Incident Response Platform) which will facilitate or security event case management. In addition to this, cases created in The HIVE will be fed into Cortex a powerful observables analysis and active response engine, which compares intelligence against MISP and other analyzers to determine an active response. Later, we will be integrating all of the above to create a SOAR (Security Orchestration, Automation and Response) system, which through automation takes some of the load away from the security team.
Moving over to our cybersecurity red team operations, we will configure CALDERA, a automated adversary emulation framework that allows us to simulate the various attacks and techniques listed in the MITER ATT&CK framework.
Our endpoints being a Windows Server, Ubuntu Server and Windows 10 Pro desktop will be installed with the Wazuh EDR/XDR agent which will report to and respond to any security events to the SIEM.
The ultimate goal of this series to to look at both the cyber security blue team and red team perspectives and understand how to attack and defend, providing you with take away skills that you can use in real world scenarios to strengthen your overall cyber security posture. If you have been enjoying this series so far, please don’t forget to like and subscribe!
Links used in this lab: