SOC Simulation Lab
End-to-end SOC workflow simulator — maps attack scenarios to collected logs, runs detections against them, and identifies visibility gaps, for practising analyst triage and detection engineering.
Describe attack scenarios in YAML (what an attacker did and what telemetry should appear), feed in collected logs, and the lab runs its login, scan, and shell detection modules against them. Output is an end-to-end SOC scorecard: which scenarios were detected, which slipped through, and where coverage is weakest.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Exploitation Visibility (Security project · Demo ready): Detection engineering lab — compares expected attack signals against collected logs to surface visibility gaps and prioritize new detection rules.
- Custom IDS Script (Security project · Demo ready): Lightweight rule-based Linux intrusion detection — evaluates YAML rules against auth.log, syslog, and shell history to emit terminal, Markdown, and JSON alerts.
- Rule Tuning Lab (Security project · Demo ready): Detection tuning lab — measures false-positive rate, precision, and noise grade per detection rule, then suggests tuning improvements based on labeled log samples.
- AttackReplay Studio (Security project · Demo ready): Visual incident replay dashboard — turns safe sample logs into an attack timeline, attack path view, GeoIP map, and incident summary.
- AutoPatch AI (Security project · Demo ready): Dependency vulnerability scanner and upgrade planner — scans package.json, requirements.txt, and Dockerfile base images, flags risky pins, and produces PR-preview output.