Splunk SOAR Home-Lab
Build a SOAR-enabled SIEM lab with Splunk Phantom, Splunk Enterprise, Wazuh sensors/agents, DMZ hosts, integrations (VirusTotal, Slack, ServiceNow, Outlook) and AWS GuardDuty alerting into Phantom.
Overview
- Deploy a CentOS Splunk Phantom appliance and an Ubuntu Splunk Enterprise server.
- Install the Wazuh manager and agents to collect host telemetry and EDR-like alerts.
- Deploy Suricata IDS and DMZ hosts (Windows and Ubuntu) forwarding to Splunk/Wazuh.
- Integrate external threat services (VirusTotal, ServiceNow, Slack, Outlook).
- Automate ingestion of AWS GuardDuty findings into Splunk Phantom for playbook response.
What You'll Learn
- Splunk Phantom deployment: how to install and set up Phantom on a CentOS VM, enable apps and configure users.
- Splunk Enterprise + Wazuh: configure Splunk Enterprise, HEC and the Wazuh manager to index host and alert data.
- DMZ host & Wazuh agent: install and configure the Wazuh agent on Windows and Ubuntu to forward telemetry.
- Integrations & AWS GuardDuty: connect VirusTotal, Slack, ServiceNow and Outlook, and ingest GuardDuty findings into Phantom.
Prerequisites
- Virtualization platform (VirtualBox/VMware/Proxmox) with NAT/host-only networks
- Basic Linux (CentOS/Ubuntu) & Windows admin privileges
- Splunk Enterprise license (free trial acceptable) and internet access for downloads
- AWS account (with permissions to enable GuardDuty & create IAM roles)
About Trainer
Rajneesh Gupta
Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.
Related Projects
Wazuh + n8n + Anyrun: Automated Malware Analysis
Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.
Threat Hunting Home-Lab (using Velociraptor)
Deploy, Configure, and Hunt Threats with Velociraptor Forensics Platform
AWS GuardDuty Findings Ingestion in Splunk using S3 and KMS Encryption
Build a secure pipeline to export GuardDuty security findings to an encrypted S3 bucket and automatically ingest them into Splunk for centralized threat monitoring and analysis.