Let’s discuss how we can build a SOC (Security Operation Center) using open source software. A security operations center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. A SIEM is the most important tool within the SOC. SIEM systems provide quicker identification, analysis, and recovery of security events. They also allow compliance managers to confirm they are fulfilling an organization’s legal compliance requirements.

The first area organizations monitor is their network, to ensure the availability of their services. These NOCs (Network Operation Centers) are usually built on top of monitoring tools such as Nagios or Zabbix.

The next area organizations monitor is the security of the infrastructure. A simple and efficient way to achieve this is to create a SOC that gives you an overview of your security status and centralizes the logs gathered across your IT estate. A simple SOC can be built from the following two types of software:

  1. Continuous vulnerability assessment scanner. You can use Faraday – IPE (Integrated Penetration-Test Environment) as the vulnerability scanner.
  2. SIEM (Security Information and Event Management). For the SIEM you can use OSSIM.

OSSIM (Open Source Security Information Management) is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection, and prevention.

Faraday is a platform that offers continuous scanning using almost all the auditing tools on the market. The goal here is to set up Faraday so that it runs a scan every week, or after some event, with several different tools, and collects all the results on the Faraday platform.
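As an added illustration of that weekly, multi-tool scan cycle (example code, not Faraday's own), the script below runs each configured scanner, stores its raw report in a timestamped directory ready for import, and records a manifest so that a scanner that fails or hangs is visible rather than silently leaving a coverage gap. The tool list, the report directory and the sample commands are assumptions for the example; in practice it would be started from a weekly cron entry.

```python
"""Minimal continuous-scan cycle: run each tool, keep its raw output, log what happened."""
import datetime
import json
import pathlib
import subprocess

# Constructed sample tool list (assumption): name -> argv. Real entries would be the
# scanner command lines whose reports the SOC platform imports, e.g. nmap with -oX.
SAMPLE_TOOLS = {
    "echo_check": ["sh", "-c", "echo scan-ok"],
    "missing_scanner": ["/nonexistent/scanner-binary"],
}


def run_scan_cycle(tools, report_root, timeout=3600):
    """Run every tool once, writing <report_root>/<stamp>/<tool>.out and manifest.json.

    Returns the manifest dict. Each run is recorded as "ok", "exit N" (the tool ran but
    reported an error) or "failed: <reason>" (it could not be launched or timed out).
    """
    stamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    run_dir = pathlib.Path(report_root) / stamp
    run_dir.mkdir(parents=True, exist_ok=True)
    manifest = {"started": stamp, "runs": []}
    for name, argv in tools.items():
        out = run_dir / f"{name}.out"
        entry = {"tool": name, "argv": argv, "report": str(out)}
        try:
            with out.open("wb") as fh:
                proc = subprocess.run(argv, stdout=fh, stderr=subprocess.PIPE, timeout=timeout)
            entry["status"] = "ok" if proc.returncode == 0 else f"exit {proc.returncode}"
        except (OSError, subprocess.TimeoutExpired) as exc:
            # A scanner that is missing, unexecutable or stuck must show up in the manifest,
            # otherwise the weekly cycle looks complete while one tool produced nothing.
            entry["status"] = f"failed: {exc.__class__.__name__}"
        manifest["runs"].append(entry)
    (run_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def failed_runs(manifest):
    """Names of tools whose run did not end with status 'ok' (for alerting or a SIEM event)."""
    return [r["tool"] for r in manifest["runs"] if r["status"] != "ok"]


if __name__ == "__main__":
    result = run_scan_cycle(SAMPLE_TOOLS, "/tmp/soc_scan_example")
    print(json.dumps(result, indent=2))
    print("tools needing attention:", failed_runs(result))
```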

These two pieces of software are sufficient to run a simple SOC: between them they cover most of the monitoring and the continuous vulnerability assessment.

IoT Operation Center:
IoT security is the next big challenge coming to the IT security industry. As per Forbes, IoT technologies, apps and solutions will reach $267B by 2020. The number of connected IoT (Internet of Things) devices, sensors and actuators will reach over 46 billion in 2021. But still, there is no IoT operation center. IT people are talking about it everywhere. This is the time to build a SIEM for IoT. I have seen that developers are interested in this type of project. Recently one project caught my eye: ASTo, a graphical security analysis tool for IoT networks.
In my next article, I will discuss the IoT operation center.

Authored by: 
Argha Chatterjee,
System Analyst
Connect with me @ LinkedIn