A virtualized enterprise network environment with a Domain Controller on Windows Server, a Wazuh SIEM on an Ubuntu VM, and a domain-joined Windows client. The home lab simulates corporate activity so that threats can be prevented, detected and recovered from as they happen.
- SIEM: Wazuh Server on Ubuntu
- Domain Controller: Windows Server (Active Directory)
- Victim: Windows 10 Enterprise Edition (domain-joined client)
- Attacker: Kali Linux
- Virtualization: VirtualBox
This lab was built on several VMs all running on the same host.
- The first step was installing an Ubuntu VM on which Wazuh was deployed as the SIEM.
- A Windows Server VM was then added and promoted to domain controller of the corporate network.
- Next, Windows 10 Enterprise was installed on a separate VM and joined to the Active Directory domain.
- Lastly, a Kali Linux VM was set up as the attacker in this scenario.
- Wazuh agents were deployed on both the Windows Server and the Windows client so that their logs are forwarded to the SIEM.
- Each VM was given two network adapters: one on an internal network for lab traffic, and one bridged adapter for internet access where it is needed (package downloads, agent installers). The Windows client is the exception: its bridged adapter was left disabled so that it only reaches the internal network, creating a sandbox in which the testing takes place.
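The client-side steps above (sandboxing the network, joining the domain, enrolling the Wazuh agent) as one PowerShell script. This is an added example, not a script from the lab itself; the domain name, IP addresses, adapter name and MSI path are assumptions and must be changed to match your own lab. Run it in an elevated PowerShell session on the Windows 10 client.

```powershell
# Added example (not from the lab's own scripts). Run as local Administrator on the
# Windows 10 client after the VM is built. The domain, IPs, adapter name and MSI path
# below are assumptions for illustration; adjust them to the lab.
$DomainName   = 'corp.local'              # assumed AD domain served by the Windows Server DC
$DcIp         = '192.168.56.10'           # assumed DC address on the internal network
$WazuhManager = '192.168.56.20'           # assumed Wazuh server (Ubuntu VM) address
$AgentMsi     = 'C:\Temp\wazuh-agent.msi' # assumed location of the downloaded agent MSI
$InternalNic  = 'Internal'                # assumed name of the internal-network adapter

# 1. Sandbox the client: disable every adapter except the internal-network one,
#    so the victim cannot reach the internet but can still talk to the DC and SIEM.
Get-NetAdapter | Where-Object { $_.Name -ne $InternalNic } |
    Disable-NetAdapter -Confirm:$false

# 2. Point DNS at the DC so the domain can be located, then join the domain.
#    A reboot is required to finish the join; it is done at the end of the script.
Set-DnsClientServerAddress -InterfaceAlias $InternalNic -ServerAddresses $DcIp
$cred = Get-Credential -Message "Account allowed to join $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -Force

# 3. Install the Wazuh agent silently, enrolled to the manager.
#    WAZUH_MANAGER and WAZUH_AGENT_NAME are the MSI properties documented by Wazuh.
Start-Process -FilePath msiexec.exe -Wait -ArgumentList @(
    '/i', $AgentMsi, '/q',
    "WAZUH_MANAGER=$WazuhManager",
    "WAZUH_AGENT_NAME=$env:COMPUTERNAME"
)
Start-Service -Name WazuhSvc

# 4. Verify the result: agent service running, manager reachable on the default
#    agent ports (1514 events, 1515 enrollment), and no path to the internet.
Get-Service -Name WazuhSvc | Select-Object Name, Status
Test-NetConnection -ComputerName $WazuhManager -Port 1514 | Select-Object ComputerName, TcpTestSucceeded
Test-NetConnection -ComputerName $WazuhManager -Port 1515 | Select-Object ComputerName, TcpTestSucceeded
Test-NetConnection -ComputerName 1.1.1.1 -Port 443 -WarningAction SilentlyContinue |
    Select-Object ComputerName, TcpTestSucceeded   # should be False inside the sandbox

# 5. Reboot to complete the domain join.
Restart-Computer -Force
```

After the reboot, the client should show up in the Wazuh dashboard under the agent name set above, and Security event logs from the client (for example logon attempts from the Kali VM) will appear in the SIEM. If the last connectivity test returns True, the bridged adapter is still enabled and the sandbox is not in place.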
You can find all lab reports here
