Post by Oussama EL Maskaoui

Cyber Security Engineer @EMI | Security+ | SC-200 🛡️

🔥 I've spent months exploring one idea: using n8n as the orchestration layer for threat detection and response. The result? A fully automated SOC.

The complete pipeline:
- Wazuh: Monitors endpoints for suspicious activity
- Security Onion: Analyzes network traffic with Zeek and Suricata
- n8n: Orchestrates the entire automation workflow
- TheHive: Creates and manages security incidents
- Cortex: Enriches indicators with VirusTotal, AbuseIPDB, and MaxMind
- Slack & Email: Deliver alerts to the SOC team

How it works:
When an attack is detected (from network or endpoint), Wazuh triggers n8n to create a TheHive case. Cortex automatically enriches observables with threat intelligence. Analysts receive a Slack prompt to decide on response actions. If isolation is needed, Wazuh Active Response automatically cuts off the compromised machine.

Every step is logged, enriched, and tracked. From detection to containment — fully automated.

Huge thanks to Professor Ghassane Aniba for providing the infrastructure that made this lab possible.

Full architecture, configs, and docs (GitHub):
🔗 https://lnkd.in/dHTF_NWZ

More information about me? Visit my portfolio:
✨ https://lnkd.in/dpTiPwVQ

#Cybersecurity #SOC #ThreatDetection #BlueTeam #SecurityOperations #ThreatIntelligence #IncidentResponse #n8n #Automation #Belgium #France #Netherlands #Brussels #Paris #Amsterdam #Luxembourg #Antwerp #Rotterdam #Morocco #Casablanca #EMI #CybersecurityJobs #HiringCybersecurity #SecurityEngineer #NetworkSecurity #ThreatHunting #MalwareAnalysis #DFIR #Deloitte #HomeLab #PwC #InfoSecCommunity #Thales #IncidentManagement #AXAGBS #AXA
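The Wazuh-to-TheHive step described in the post is where most of the security-relevant decisions live: which fields become observables for Cortex, how a Wazuh rule level becomes a TheHive severity, how a redelivered alert is kept from opening a duplicate case, and the fact that isolation is gated on the analyst's Slack decision rather than fired on detection. The block below is an added example written for this page; it is not code from the author's GitHub repository or from the n8n, Wazuh or TheHive projects. It assumes the alerts.json layout that Wazuh writes (rule, agent, data, syscheck fields) and a TheHive 5 style alert payload (type, source, sourceRef, severity, observables with dataType/data); the sample alerts are constructed, and the level thresholds are assumptions, not values from the post.

```python
"""Map a Wazuh alert to a TheHive alert and decide the next workflow step.

Added example for illustration. Field layouts for the Wazuh alert and the
TheHive alert payload are assumptions based on their documented shapes and
should be checked against the versions actually deployed.
"""
import hashlib
import ipaddress
import json

# Constructed sample Wazuh alerts (not captured from a live system).
SAMPLE_ALERTS = [
    json.dumps({
        "timestamp": "2024-05-01T10:15:00.000+0000",
        "rule": {"id": "5712", "level": 10,
                 "description": "sshd: brute force trying to get access to the system.",
                 "mitre": {"id": ["T1110"]}},
        "agent": {"id": "001", "name": "web-01", "ip": "10.0.0.5"},
        "data": {"srcip": "203.0.113.7", "dstuser": "root"},
    }),
    json.dumps({
        "timestamp": "2024-05-01T10:16:00.000+0000",
        "rule": {"id": "554", "level": 5, "description": "File added to the system."},
        "agent": {"id": "002", "name": "db-01", "ip": "10.0.0.9"},
        "syscheck": {"path": "/tmp/x.sh",
                     "sha256_after": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    }),
]

# RFC 1918, loopback and link-local space: not worth an AbuseIPDB/MaxMind lookup.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_alert(raw: str) -> dict:
    """Decode one alerts.json line into a dict."""
    return json.loads(raw)


def is_internal_ip(value: str) -> bool:
    """True for addresses in the internal ranges above; False for anything else or unparsable."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in _INTERNAL_NETS)


def level_to_severity(level: int) -> int:
    """Wazuh rule level (0-15) to TheHive severity (1 low .. 4 critical). Thresholds are assumed."""
    if level >= 12:
        return 4
    if level >= 10:
        return 3
    if level >= 7:
        return 2
    return 1


def extract_observables(alert: dict) -> list:
    """Pick the fields Cortex analyzers act on: IPs (AbuseIPDB, MaxMind), hashes (VirusTotal),
    plus the file path and the agent hostname for analyst context."""
    obs = []
    data = alert.get("data", {})
    for key in ("srcip", "dstip"):
        ip = data.get(key)
        if ip and not is_internal_ip(ip):
            obs.append({"dataType": "ip", "data": ip, "tags": [f"wazuh:{key}"]})
    syscheck = alert.get("syscheck", {})
    for key in ("sha256_after", "md5_after"):
        if syscheck.get(key):
            obs.append({"dataType": "hash", "data": syscheck[key], "tags": [f"wazuh:{key}"]})
    if syscheck.get("path"):
        obs.append({"dataType": "filename", "data": syscheck["path"], "tags": ["wazuh:syscheck"]})
    agent = alert.get("agent", {})
    if agent.get("name"):
        obs.append({"dataType": "hostname", "data": agent["name"], "tags": ["wazuh:agent"]})
    return obs


def build_thehive_alert(alert: dict) -> dict:
    """Build the TheHive alert payload for this Wazuh alert."""
    rule, agent = alert["rule"], alert.get("agent", {})
    # Deterministic sourceRef: TheHive keys alerts on (type, source, sourceRef), so a
    # redelivered Wazuh alert lands on the same TheHive alert instead of a duplicate.
    ref_material = f"{rule['id']}|{agent.get('id', '')}|{alert['timestamp']}"
    source_ref = hashlib.sha256(ref_material.encode()).hexdigest()[:16]
    tags = [f"wazuh-rule:{rule['id']}", f"wazuh-level:{rule['level']}"]
    tags += [f"mitre:{t}" for t in rule.get("mitre", {}).get("id", [])]
    return {
        "type": "wazuh",
        "source": "wazuh",
        "sourceRef": source_ref,
        "title": f"[{agent.get('name', 'unknown')}] {rule['description']}",
        "description": json.dumps(alert, indent=2),  # full raw alert for the analyst
        "severity": level_to_severity(rule["level"]),
        "tags": tags,
        "observables": extract_observables(alert),
    }


def plan_response(alert: dict, analyst_approved: bool, isolate_level: int = 10) -> str:
    """Next workflow step. Isolation needs both a high enough rule level and an explicit
    analyst decision (the Slack prompt); nothing is cut off on detection alone."""
    if alert["rule"]["level"] < isolate_level:
        return "enrich-only"
    return "isolate" if analyst_approved else "await-analyst"


if __name__ == "__main__":
    for raw in SAMPLE_ALERTS:
        alert = parse_alert(raw)
        hive = build_thehive_alert(alert)
        print(hive["title"], hive["severity"], plan_response(alert, analyst_approved=False),
              [o["data"] for o in hive["observables"]])
```

In an n8n workflow the same logic would sit in a Code node between the Wazuh webhook trigger and the TheHive node; keeping the sourceRef deterministic matters because Wazuh can emit the same event more than once and the analyst should not see two cases for one brute-force burst.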
