A fully automated SOC (Security Operations Center) home lab that deploys a Splunk SIEM, a Windows 10 victim, and a Kali Linux attacker in under 40 minutes (at an internet speed of 80-100 Mbps) using Vagrant and VirtualBox.
Credit & Inspiration: This project is built upon the excellent work of Darsh139's SOC-HomeLab-Splunk by Darsh Acharya. His project provided the foundational architecture, detection rules, and lab design. This version adds full automation, removing the hassle of setting up the lab.
This lab simulates a real-world SOC environment on a single machine using Vagrant and VirtualBox. All components are deployed in an isolated network (192.168.10.0/24) with no exposure to your actual home network.
| Component | Role | IP Address |
|---|---|---|
| Splunk Enterprise (Ubuntu 22.04) | SIEM - Centralized log collection & analysis | 192.168.10.10 |
| Windows 10 Victim | Log source & attack target | 192.168.10.20 |
| Kali Linux Attacker | Penetration testing & attack simulation | 192.168.10.30 |
| Sysmon | Enhanced Windows event logging (Olaf Hartong config) | On Windows 10 |
| Splunk Universal Forwarder | Ships Windows logs to Splunk | On Windows 10 |

| Requirement | Minimum | Recommended |
|---|---|---|
| RAM | 16 GB | 32 GB |
| CPU | 6 cores | 8 cores |
| Storage | 40 GB free | 50+ GB free |
| VirtualBox | 7.0+ | Download |
| Vagrant | 2.3+ | Download |
| Network Speed | 40+ Mbps | 100 Mbps |
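
The lab's isolation claim (no exposure to the home network) can be checked after deployment by confirming that no lab VM has a bridged adapter, since bridged mode places a VM directly on the host's LAN. The script below is an added example, not part of this project or of the original SOC-HomeLab-Splunk; it assumes `VBoxManage` is on the PATH and that VM names are passed as arguments, and the sample VM output is constructed.

```shell
#!/bin/sh
# Added example: flag VirtualBox VMs that have a bridged network adapter.

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin and prints
# one line per bridged adapter: "<nic number> <host interface>".
bridged_nics() {
    awk -F= '
        { v = substr($0, index($0, "=") + 1); gsub(/"/, "", v) }
        /^nic[0-9]+=/           { mode[substr($1, 4)] = v }
        /^bridgeadapter[0-9]+=/ { iface[substr($1, 14)] = v }
        END {
            for (n in mode)
                if (mode[n] == "bridged")
                    print n, ((n in iface) ? iface[n] : "unknown")
        }' | sort -n
}

# Constructed sample of machine-readable VM info (not output from this lab).
sample_vminfo() {
    cat <<'EOF'
name="lab-win10-sample"
nic1="nat"
nictype1="82540EM"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="bridged"
bridgeadapter3="eth0"
nic4="none"
EOF
}

# Audits each VM named on the command line (names as shown by
# `VBoxManage list vms`). Returns 0 if none is bridged, 1 if any is,
# 2 if a VM could not be queried.
audit_vms() {
    rc=0
    for vm in "$@"; do
        info=$(VBoxManage showvminfo "$vm" --machinereadable) || {
            echo "ERROR   $vm: could not query VM"; rc=2; continue; }
        hits=$(printf '%s\n' "$info" | bridged_nics)
        if [ -n "$hits" ]; then
            echo "EXPOSED $vm: bridged adapter(s): $hits"
            [ "$rc" -eq 0 ] && rc=1
        else
            echo "ok      $vm: no bridged adapters"
        fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_vms "$@"; fi
```

The check covers bridged mode only; it does not assess what a NAT adapter can reach.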
