This repository contains configuration files and rules for setting up and maintaining a Security Operations Center (SOC) environment. It includes configurations for both Linux and Windows systems, as well as Wazuh security monitoring rules.
This directory contains custom Wazuh rules for security monitoring and alerting. It includes:
- local-rules.xml: Custom Wazuh rules for specific security monitoring scenarios
- readme.md: Documentation for the Wazuh rules
Configuration files for the Linux host virtual machine, including:
- firewall_rules: Network security configurations
- ossec.conf: Wazuh agent configuration
- wazuh_commands_in_docker: Docker-specific Wazuh commands
- readme.md: Detailed documentation for Linux host setup
Configuration files for Windows target virtual machines, including:
- Sysmon/: Microsoft Sysmon configuration for advanced Windows event monitoring
- ossec-agent (Wazuh Agent)/: Wazuh agent configuration for Windows systems
Each directory contains its own README file with specific instructions for setup and configuration. Please refer to the individual README files in each directory for detailed information about:
- Installation procedures
- Configuration steps
- Usage guidelines
- Troubleshooting tips
When contributing to this repository, please ensure that:
- All configuration changes are documented
- README files are updated accordingly
- Changes are tested in a development environment before deployment
This repository contains sensitive configuration files. Please ensure that:
- Access is restricted to authorized personnel
- No sensitive credentials are stored in the repository
- All security configurations are regularly reviewed and updated