This project aims to implement various aspects of a security operations center,tools used & methodologies using various open source technologies.This is simply my form of project based learning.

The main functions of a SOC are as follow:

• Take Stock of Available Resources.
• Preparation and Preventative Maintenance.
• Continuous Proactive Monitoring.
• Alert Ranking and Management.
• Threat response.
• Recovery and Remediation.
• Log Management.

1. Intrusion prevention & detection with Snort.
2. Vulnerability Scanner (OpenVAS).
3. Network monitoring with Nagios. ----> Done.
4. Maltego.(Perfoming reconnaisance)
5. Firewall:

• Bandwidth control and monitoring.
• Web filtering.
• Internet aggregation and SD WAN.
• Logging.
• Sandboxing.
• Deep Packet Inspection.

6. Splunk.
7. ELK Stack for Log monitoring

To achieve practically I will have to set-up several virtual machines that will be act as independent servers.

Ubuntu server will be the logical choice because of its lightweight minimum requirments:

• RAM: 512MB.

• CPU: 1 GHz.

• Storage: 1 GB disk space (1.75 GB for all features to be installed)