This repository contains the deliverables for a cybersecurity capstone project focused on threat detection and incident response using a combination of industry-standard tools: Wireshark, pfSense, and Wazuh. The simulation exercise was conducted to replicate real-world cyber threats such as brute-force attacks, unauthorized access, and suspicious outbound traffic within a controlled network environment.
- Organization: SoCra Tech
- Role: Security Operations Center (SOC) Analyst
- Analyst: David Kiridi
- Date: April 25, 2025
- Wireshark: For network packet capture and traffic analysis (HTTP, DNS, SSH protocols).
- pfSense: Deployed as a firewall and IDS/IPS with Snort for traffic filtering, blocking, and alerting.
- Wazuh: Configured as a centralized SIEM for log correlation, event monitoring, and threat detection.
- Kali Linux: Used for threat simulation including brute-force SSH attacks.
The project was executed in multiple structured phases:
- Wireshark: Capturing and analyzing network traffic anomalies.
- pfSense: Setting up firewall rules, IDS/IPS (Snort), and GeoIP blocking to mitigate attacks.
- Wazuh: Real-time monitoring and alert correlation for endpoint and network logs.
- Successful detection of simulated brute-force SSH attacks.
- Identification of suspicious DNS and HTTP traffic indicating potential data exfiltration.
- Firewall effectively blocked unauthorized access attempts.
- Wazuh SIEM provided actionable alerts and log analysis for incident response validation.
- Implement SSH key-based authentication.
- Regularly update Snort rule sets.
- Employ GeoIP filtering to block traffic from high-risk regions.
- Enable automated response rules in Wazuh for critical alerts.
- Maintain centralized and secure log management for compliance and auditing.
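The brute-force SSH detection reported above, and the kind of alert the automated-response recommendation would act on, comes down to one correlation: many failed logins from one source inside a short window. The following is an added example (not code from the project or from Wazuh) that applies that correlation to constructed sshd log lines; the hostname, addresses, threshold and window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd lines in syslog format (not taken from the project's captures).
SAMPLE_AUTH_LOG = """\
Apr 25 10:01:03 socra-web sshd[1201]: Failed password for root from 203.0.113.45 port 51012 ssh2
Apr 25 10:01:05 socra-web sshd[1203]: Failed password for invalid user admin from 203.0.113.45 port 51014 ssh2
Apr 25 10:01:07 socra-web sshd[1205]: Failed password for root from 203.0.113.45 port 51016 ssh2
Apr 25 10:01:09 socra-web sshd[1207]: Failed password for root from 203.0.113.45 port 51018 ssh2
Apr 25 10:01:11 socra-web sshd[1209]: Failed password for root from 203.0.113.45 port 51020 ssh2
Apr 25 10:05:30 socra-web sshd[1300]: Failed password for dkiridi from 192.168.1.20 port 40022 ssh2
Apr 25 10:05:40 socra-web sshd[1301]: Accepted publickey for dkiridi from 192.168.1.20 port 40024 ssh2
"""

# Matches only failed password attempts; "invalid user" lines are handled by the optional group.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def parse_failures(log_text, year=2025):
    """Yield (timestamp, username, source_ip) for each failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # syslog timestamps carry no year, so one is supplied (assumed 2025 for the sample).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["src"]

def detect_bruteforce(log_text, threshold=5, window_seconds=120):
    """Return {source_ip: details} for sources with >= threshold failures inside a sliding window."""
    recent = defaultdict(deque)   # per-source queue of (timestamp, user) still inside the window
    alerts = {}
    for ts, user, src in parse_failures(log_text):
        q = recent[src]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_seconds:   # expire old attempts
            q.popleft()
        if len(q) >= threshold and src not in alerts:             # alert once per source
            alerts[src] = {"first_seen": q[0][0], "last_seen": ts,
                           "attempts": len(q), "users": sorted({u for _, u in q})}
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"ALERT: SSH brute force from {src}: {info['attempts']} failures "
              f"({', '.join(info['users'])}) between {info['first_seen']} and {info['last_seen']}")
```

The single failure from 192.168.1.20 followed by a successful key login stays below the threshold, which is the false-positive case a SIEM rule has to tolerate; the alert dictionary is the event a firewall-block response would consume.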
- Wireshark captures of suspicious traffic.
- pfSense firewall rules and Snort alerts.
- Wazuh dashboards showing incident detections.
```
├── Wireshark_Analysis
│   └── Screenshots, PCAPs, and Traffic Logs
├── pfSense_Configuration
│   └── Firewall Rules, Snort Alerts, and Logs
├── Wazuh_Monitoring
│   └── Dashboard Screenshots, Alert Logs
├── Final_Report
│   └── David_Kiridi_SOC_Capstone.pdf
└── README.md
```