Detection Engineering Lab
SOC Automation with Splunk
End-to-end security lab focused on brute-force detection, triage workflow design, and practical SOC automation patterns.
Objective
Detect suspicious authentication behavior in Windows event logs, reduce analyst noise with targeted searches, and convert findings into repeatable response logic.
Workflow
1. Data Ingestion
Collected and normalized Windows authentication events in Splunk.
2. Detection Logic
Built SPL queries to identify repeated failed logins and suspicious source patterns.
3. Triage and Validation
Reviewed correlated events, reduced false positives, and documented decision points.
4. Response Framework
Defined clear analyst actions and reusable response flow for future incidents.
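The four workflow steps above, carried through in one added Python example (not code from the original lab, which used Splunk SPL for the detection itself). It takes constructed Windows Security events modelled on Event ID 4625 (failed logon) and 4624 (successful logon), groups failures per source address inside a sliding time window the way the lab's SPL search would bucket them, suppresses a known noisy source to cut false positives, and maps each alert to an analyst action. The field names, the 5-failures-in-5-minutes threshold, the allowlisted scanner address and the action labels are all assumptions chosen for illustration.

```python
"""Brute-force logon detection and triage over Windows Security events.

Added example, not the lab's own code. Sample events are constructed; field
names (_time, EventCode, src_ip, user) mirror what Splunk typically extracts
from Windows Security logs. Threshold, window and allowlist are assumed values.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 10, 9, 0, 0)


def _ev(offset_s, code, src, user):
    """Build one constructed event `offset_s` seconds after BASE."""
    return {"_time": (BASE + timedelta(seconds=offset_s)).isoformat(),
            "EventCode": code, "src_ip": src, "user": user}


# Constructed sample data (not real telemetry).
SAMPLE_EVENTS = [
    # 10.0.0.5: six failed logons against one account in under two minutes, then a success
    *[_ev(s, 4625, "10.0.0.5", "jdoe") for s in (5, 20, 35, 50, 70, 100)],
    _ev(120, 4624, "10.0.0.5", "jdoe"),
    # 10.0.0.7: one failure each against five accounts within two minutes (spray pattern)
    *[_ev(30 * i, 4625, "10.0.0.7", u)
      for i, u in enumerate(["asmith", "bjones", "clee", "dkim", "epark"])],
    # 10.0.0.200: assumed vulnerability scanner that legitimately fails auth (noise)
    *[_ev(10 * i, 4625, "10.0.0.200", "svc_scan") for i in range(8)],
    # 10.0.0.9: four failures spread over thirty minutes (typo-level, below threshold)
    *[_ev(600 * i, 4625, "10.0.0.9", "mlopez") for i in range(4)],
]

FAIL_THRESHOLD = 5              # assumed: failed logons from one source ...
WINDOW = timedelta(minutes=5)   # ... inside this sliding window
ALLOWLIST = {"10.0.0.200"}      # assumed: sources reviewed and accepted as benign noise


def detect_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW, allowlist=ALLOWLIST):
    """Return one alert per source whose densest `window` holds >= `threshold` failures.

    Each alert records the failure count, the distinct target accounts, the
    window bounds, and whether the same source logged on successfully during or
    shortly after the burst (the signal that turns noise into a likely compromise).
    """
    failed, success = defaultdict(list), defaultdict(list)
    for e in events:
        t = datetime.fromisoformat(e["_time"])
        if e["EventCode"] == 4625:
            failed[e["src_ip"]].append((t, e["user"]))
        elif e["EventCode"] == 4624:
            success[e["src_ip"]].append(t)

    alerts = []
    for src in sorted(failed):
        if src in allowlist:
            continue                       # false-positive reduction step
        fails = sorted(failed[src], key=lambda x: x[0])
        best, start = (0, 0, 0), 0         # (count, start_idx, end_idx) of densest window
        for end, (t_end, _) in enumerate(fails):
            while t_end - fails[start][0] > window:
                start += 1                 # slide the left edge forward
            if end - start + 1 > best[0]:
                best = (end - start + 1, start, end)
        count, s, e = best
        if count < threshold:
            continue
        first, last = fails[s][0], fails[e][0]
        alerts.append({
            "src_ip": src,
            "failures": count,
            "users": sorted({u for _, u in fails[s:e + 1]}),
            "first": first.isoformat(),
            "last": last.isoformat(),
            "followed_by_success": any(first <= t <= last + window for t in success.get(src, [])),
        })
    return alerts


def triage_action(alert):
    """Map an alert to an analyst action (labels are assumed, not the lab's own playbook)."""
    if alert["followed_by_success"]:
        return "escalate: possible account compromise, isolate host and reset credentials"
    if len(alert["users"]) > 3:
        return "investigate: password-spray pattern across multiple accounts"
    return "monitor: single-account brute force, block source if external"


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_EVENTS):
        print(f"{a['src_ip']}: {a['failures']} failures vs {a['users']} -> {triage_action(a)}")
```

The densest-window scan mirrors a bucketed SPL count without the bucket-boundary blind spot (a burst straddling two fixed buckets would split its count in half). The allowlist is kept as data rather than hard-coded logic so a triage decision ("this scanner is expected") becomes a reviewable configuration change rather than a query edit.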
Stack
- Splunk Enterprise
- SPL Query Language
- Windows Security Logs
- Python (automation support)
Skills Demonstrated
- Detection Engineering
- Log Analysis and Correlation
- SOC Triage Methodology
- Technical Documentation
Outcome
Produced a practical SOC use-case lab with clear detection rationale, a repeatable analyst workflow, and portfolio-ready evidence of security thinking.