Projects
AutoSOC-first project portfolio
This page is intentionally prioritized for SOC hiring review: one flagship automation case study, two supporting projects, then additional work.
Featured
AutoSOC: automated SOC triage + evidence packs
Primary signal project: Wazuh alerts are triaged, sensitive data is redacted, evidence packs are generated, and high-signal cases are escalated.
Flagship: AutoSOC case study
Workflow pattern: Wazuh alerts -> decision logic (benign / known false positive / escalate) -> redaction -> evidence pack generation -> escalation with GitHub-ready outputs and run logs.
Supporting
Two supporting projects
Other Builds
Additional work
Everything below supports SOC operations depth, but is intentionally secondary to the AutoSOC signal.
Sigma detection library
103 Sigma rules with ATT&CK alignment and false-positive handling notes.
IR alert investigation
Structured incident analysis from alert intake through disposition and evidence capture.
CVE patch workflow
Detect -> triage -> patch -> verify with evidence-linked closure reporting.
Honeypot telemetry stack
Cowrie + Wazuh + Grafana workflow for attacker behavior collection and analysis.