Building evidencePortfolio

Case study · Operation 04

Home SOC & Splunk SIEM

Building a monitored environment for ingesting, detecting and investigating security events.

Splunk

Primary technology

04

Evidence outputs

Building evidence

Current stage

01 · Challenge

The objective

Create a practical SOC environment that demonstrates log collection, detection development, alert triage and investigation.

02 · Delivery

My contribution

  • Designing the lab architecture and security data sources.
  • Configuring log ingestion and SPL searches.
  • Developing detection queries and investigation workflows.
  • Documenting architecture, findings and supporting evidence.

03 · Evidence

Evidence and outputs

Evidence 01

Architecture diagram

Evidence 02

Detection queries

Evidence 03

Investigation notes

Evidence 04

Technical case study

04 · Reflection

What this demonstrates

This operation demonstrates practical ownership across technical investigation, risk-aware prioritisation, implementation and clear communication. It also shows how security and infrastructure work must remain usable, supportable and aligned to the live environment.

Next operation

Active Directory Security Lab

View next case study