DevOps
Security Onion Lab
Network threat detection with automated Discord alerting
A production-grade network security monitoring lab built on a cloud server using Security Onion. The project simulates real-world attacks — HTTP floods, SSH brute-force, DoS — and demonstrates end-to-end threat detection, log analysis, and automated alerting via Discord webhooks.
Workflow
1. Provisioned a cloud server and deployed Security Onion via Docker
2. Configured Zeek, Suricata, and Elasticsearch for traffic analysis
3. Simulated attacks: HTTP load tests, SSH brute force, DoS scenarios
4. Analyzed generated alerts and correlated log patterns
5. Built automated log parsing and Discord webhook alerting
6. Documented attack signatures and detection accuracy
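As an added example of the parse-and-alert step (not the project's own code): it reads constructed Suricata EVE JSON lines, keeps alerts at severity 1-2, collapses repeated hits per signature and source so a brute-force run produces one message instead of hundreds, and builds a Discord webhook payload that suppresses @mentions and respects Discord's 2000-character limit. The `DISCORD_WEBHOOK_URL` environment variable and the sample log lines are assumptions.

```python
import json
import os
import urllib.request
from collections import defaultdict

# Constructed sample Suricata EVE JSON lines (not real captured traffic).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.2","dest_port":22,"proto":"TCP","alert":{"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.2","dest_port":22,"proto":"TCP","alert":{"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.2","dest_ip":"10.0.0.53"}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.2","dest_port":80,"proto":"TCP","alert":{"signature":"ET DOS Possible HTTP flood","severity":1}}',
    '{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"10.0.0.2","dest_port":80,"proto":"TCP","alert":{"signature":"ET INFO low priority noise","severity":3}}',
]

def parse_alerts(lines, max_severity=2):
    """Return EVE alert records at or above the severity threshold (1 = highest)."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated/partial lines when tailing a live eve.json
        if ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("severity", 3) > max_severity:
            continue
        alerts.append(ev)
    return alerts

def aggregate(alerts):
    """Collapse repeated hits of one signature from one source into a single count."""
    counts = defaultdict(int)
    for ev in alerts:
        counts[(ev["alert"]["signature"], ev["src_ip"], ev.get("dest_port"))] += 1
    return counts

def build_payload(counts, limit=1900):
    """Build the Discord webhook body; Discord rejects 'content' over 2000 chars."""
    rows = [f"**{sig}** from `{src}` -> port {port}: {n} hit(s)"
            for (sig, src, port), n in sorted(counts.items())]
    content = "Security Onion alerts:\n" + "\n".join(rows)
    if len(content) > limit:
        content = content[:limit] + "\n...(truncated)"
    # parse: [] stops attacker-influenced log text from pinging @everyone/@here.
    return {"content": content, "allowed_mentions": {"parse": []}}

def send(payload, webhook_url=None):
    """POST the payload; the webhook URL is a secret, so read it from the environment (assumed variable name)."""
    url = webhook_url or os.environ["DISCORD_WEBHOOK_URL"]
    req = urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    print(json.dumps(build_payload(aggregate(parse_alerts(SAMPLE_EVE_LINES))), indent=2))
```

Tail the real `eve.json` and pass its lines to `parse_alerts` in batches so one batch maps to one webhook message.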
Impact
Demonstrated a full threat detection lifecycle from attack simulation to automated alerting — a practical showcase of SOC-level monitoring skills on a self-provisioned cloud environment.
Key Features
- Security Onion SIEM deployment
- Multi-vector attack simulation
- Real-time log analysis with Suricata/Zeek
- Automated Discord webhook alerting
Tech Stack
- Security Onion
- Docker
- Linux
- Suricata
- Zeek
- Discord Webhooks