Case study · Operation 04
Home SOC & Splunk SIEM
Building a monitored environment for ingesting, detecting and investigating security events.
Splunk
Primary technology
04
Evidence outputs
Building evidence
Current stage
01 · Challenge
The objective
Create a practical SOC environment that demonstrates log collection, detection development, alert triage and investigation.
02 · Delivery
My contribution
- Designing the lab architecture and security data sources.
- Configuring log ingestion and SPL searches.
- Developing detection queries and investigation workflows.
- Documenting architecture, findings and supporting evidence.
03 · Evidence
Evidence and outputs
Evidence 01
Architecture diagram
Evidence 02
Detection queries
Evidence 03
Investigation notes
Evidence 04
Technical case study
04 · Reflection
What this demonstrates
This operation demonstrates practical ownership across technical investigation, risk-aware prioritisation, implementation and clear communication. It also shows how security and infrastructure work must remain usable, supportable and aligned to the live environment.
Next operation