SIEM Research & Implementation - Graduation Project

For my graduation internship at ChipSoft, I conducted in-depth research into SIEM solutions to strengthen the organization's security monitoring capabilities. The project involved building a complete home lab environment with Active Directory, implementing Wazuh SIEM with agents across multiple hosts, and developing custom detection rules for various MITRE ATT&CK tactics including Credential Access, Lateral Movement, Persistence, Privilege Escalation, Defense Evasion, and automated threat response.

Key Highlights

// achievements

1Researched and evaluated enterprise SIEM solutions
2Built complete Active Directory lab environment
3Implemented Wazuh with Sysmon log collection
4Created custom MITRE ATT&CK detection rules
5Developed automated threat response system

Architecture Overview

// network_topology

Interactive diagram showing the system architecture. Drag to pan, scroll to zoom, and hover over nodes for details.

Host PC

VMWare Workstation

Wazuh Manager

Linux Server

Windows Server

Wazuh Agent + Sysmon

Windows User

Wazuh Agent + Sysmon

Kali Linux

Attacker Machine

VirusTotal

API Integration

Host

VMWare Virtual Network

Attacker

External API

55%

Previous ProjectRansomware Detection System2024

Next ProjectPersonal Homelab Setup2025