Duration: July 2025 – August 2025
Role: SOC Intern
Overview:
As part of my SOC internship, I was responsible for setting up and configuring the Wazuh Security Information and Event Management (SIEM) platform to enhance the organization’s ability to detect and respond to security threats. The project involved deploying Wazuh across multiple endpoints, fine-tuning its detection rules, and actively monitoring security events in real time.
Detailed Responsibilities:
Deployment & Configuration: Installed the Wazuh manager on a Linux server and configured multiple agents on client machines to collect security event logs.
File Integrity Monitoring (FIM): Implemented FIM to track changes in sensitive files and directories, enabling quick detection of unauthorized modifications.
Alert Configuration: Tuned Wazuh detection rules to reduce false positives and improve accuracy for brute-force login attempts, malware activity, and policy violations.
Integration with Threat Intelligence: Leveraged Wazuh’s built-in threat intelligence feeds to enrich alerts with external context.
Real-Time Monitoring: Used the Wazuh dashboard to visualize alerts, investigate anomalies, and document incident findings for reporting.
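The FIM and alert-tuning work described above maps to two Wazuh configuration files. The fragment below is an added illustration of that shape, not configuration taken from this internship or from the Wazuh project; the monitored paths, the ignore patterns, the scanner IP address (10.0.0.50) and the local rule ids 100010/100011 are constructed for the example. Rule 5716 is the stock Wazuh rule for an sshd authentication failure, which the custom rules build on.

```xml
<!-- Part 1: /var/ossec/etc/ossec.conf on the manager, or agent.conf for centralised agent config.
     Paths are example choices for this illustration. -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>
    <!-- Full scheduled scan every 12 hours (value is in seconds) -->
    <frequency>43200</frequency>
    <!-- Realtime monitoring of high-value paths; report_changes keeps a diff of text files
         so an analyst can see what changed, not only that something changed -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" realtime="yes">/var/www/html</directories>
    <!-- Files that churn legitimately and would otherwise flood the dashboard -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
    <ignore type="sregex">\.log$|\.swp$</ignore>
    <!-- Alert when a new file appears in a monitored directory (webshell / dropper detection) -->
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>

<!-- Part 2: /var/ossec/etc/rules/local_rules.xml (ids 100000 and above are reserved for local rules) -->
<group name="local,sshd,authentication_failures,">
  <!-- Suppression: level 0 silences sshd auth failures from an approved internal scanner
       (constructed IP) that would otherwise trip the brute-force rule every scan cycle -->
  <rule id="100010" level="0">
    <if_sid>5716</if_sid>
    <srcip>10.0.0.50</srcip>
    <description>sshd: authentication failure from approved scanner host, ignored</description>
  </rule>
  <!-- Escalation: 10 failures from the same source within 120 seconds.
       same_source_ip stops unrelated failures across many hosts from being correlated together -->
  <rule id="100011" level="10" frequency="10" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip/>
    <description>sshd: possible brute-force, repeated authentication failures from one source</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>
```

After editing, the manager needs a restart (`systemctl restart wazuh-manager`) to load the rules, and a sample sshd "Failed password" line can be fed to `/var/ossec/bin/wazuh-logtest` to confirm that the suppression rule fires for the scanner address and the escalation rule fires for anything else.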
Tools & Technologies:
Wazuh (SIEM Platform)
Linux (Server Configuration)
File Integrity Monitoring
Security Event Analysis
Impact & Outcome:
This deployment significantly improved the SOC’s visibility into system and network activity. The fine-tuned alert rules reduced false positives, while real-time monitoring allowed for faster incident detection and a more proactive response to emerging threats.