Design and Implementation of an Open-Source Security Operations Center for Effective Cyber Threat Detection and Response

Abstract

Given the increasing number and variety of cyberattacks targeting companies of all categories, it is crucial to ensure that organizational assets and infrastructure are correctly monitored for security threats so that they can be detected and responded to early. Sufficient security monitoring and incident response can be provided by using a security information and event management (SIEM) tool together with additional security technologies, such as an extended detection and response (XDR) tool, all located within an organizational unit. This study designs a security operations center (SOC) architecture with multiple elements to guarantee full security visibility across digital assets and endpoints. It then proposes open-source, inexpensive tools for putting this architecture into practice. To verify that the architecture performs correctly, it was implemented using the proposed tools: Suricata for network intrusion detection, TheHive for case management, and the Wazuh platform for SIEM and XDR. The deployed architecture was then used to monitor endpoints and run a variety of cybersecurity scenarios, including malware downloads, brute-force attacks, and denial-of-service attacks. According to the results, the tools carried out the proper exposure assessment and were able to detect and respond to the different scenarios. Using open-source tools, this article presented a SOC design and successfully applied it to identify common cybersecurity threats.
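As an added illustration of the brute-force scenario the abstract describes (this is example code, not code from the paper or from Wazuh): a minimal detector that, like a SIEM correlation rule with a frequency and a timeframe, flags a source IP once it produces a threshold number of failed SSH logins within a sliding time window. The sshd log lines, the threshold of 5 and the 120-second window are constructed and assumed here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (not taken from the paper): one noisy
# source (203.0.113.5) and one legitimate user who mistypes once.
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar 10 12:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 51001 ssh2
Mar 10 12:00:04 host sshd[1003]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar 10 12:00:05 host sshd[1004]: Failed password for invalid user test from 203.0.113.5 port 51002 ssh2
Mar 10 12:00:07 host sshd[1005]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar 10 12:00:09 host sshd[1006]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar 10 12:05:00 host sshd[1007]: Failed password for root from 203.0.113.5 port 51005 ssh2
Mar 10 12:05:01 host sshd[1008]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
"""

# Matches only failed-login events; "invalid user" is optional in sshd output.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; assume one so they can be compared."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text: str, frequency: int = 5, timeframe: int = 120):
    """Return [(src_ip, timestamp, count)] for every source that reaches
    `frequency` failed logins within any `timeframe`-second window."""
    windows = defaultdict(deque)  # src ip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = parse_ts(m["ts"])
        q = windows[m["src"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > timeframe:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= frequency:
            alerts.append((m["src"], m["ts"], len(q)))
            q.clear()  # reset after firing, as a frequency rule would
    return alerts
```

Running `detect_bruteforce(SAMPLE_LOG)` yields one alert for 203.0.113.5 at its fifth failure, while the single failure from 198.51.100.7 never crosses the threshold.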
