Building a Cloud-Based Home SOC Using Azure: Honeypot Deployment, Log Analytics, and Real-Time Attack Visualization
In today’s evolving cyber threat landscape, organizations and security professionals must proactively understand attack vectors and malicious behaviors to strengthen their defenses. This project aims to simulate a real-world Security Operations Center (SOC) environment using a free-tier Azure subscription, providing a cost-effective and educational platform for monitoring and analyzing cybersecurity threats.
The objective is to deploy a honeypot virtual machine (VM) in Azure that is intentionally exposed to the public internet, acting as bait for attackers. The honeypot will be configured to expose services that are commonly targeted (such as SSH or RDP) to attract brute-force and unauthorized access attempts from malicious actors across the globe.
A Log Analytics Workspace will be set up and connected to the VM to collect security-relevant logs, including failed login attempts, network traffic, and system events. These logs will be forwarded to Microsoft Sentinel (SIEM) to perform security correlation, threat detection, and alerting.
Furthermore, the project will include the design of an interactive attack map that uses geolocation services to visualize the origin of detected attacks based on IP addresses. This map will present real-time insights into the geographic sources of threats targeting the honeypot, serving both as an analytical tool and a visual demonstration of global cyber activity.
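The pipeline described above (collect failed-logon events from the honeypot, aggregate them by source IP, attach geolocation, feed the result to a map) can be sketched end to end in a few functions. The following is an added example and not code from the project itself: it mirrors what a Sentinel KQL query over the SecurityEvent table (Event ID 4625 joined with a GeoIP watchlist) would produce, but runs offline on constructed sample records. The event records, the GeoIP table, the column names used on the records and all addresses (RFC 5737 documentation ranges standing in for attacker IPs) are assumptions made for the example.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample of Windows Security log records as they would land in the
# SecurityEvent table after the honeypot VM forwards its logs. Event ID 4625 is
# a failed logon; 4624 is a successful one. All values are invented and use
# RFC 5737 documentation ranges as stand-ins for attacker addresses.
SAMPLE_EVENTS = [
    {"TimeGenerated": "2024-01-01T10:00:00Z", "EventID": 4625, "IpAddress": "203.0.113.10", "Account": "administrator"},
    {"TimeGenerated": "2024-01-01T10:00:02Z", "EventID": 4625, "IpAddress": "203.0.113.10", "Account": "admin"},
    {"TimeGenerated": "2024-01-01T10:00:05Z", "EventID": 4625, "IpAddress": "203.0.113.10", "Account": "administrator"},
    {"TimeGenerated": "2024-01-01T10:00:09Z", "EventID": 4624, "IpAddress": "203.0.113.10", "Account": "administrator"},
    {"TimeGenerated": "2024-01-01T10:01:00Z", "EventID": 4625, "IpAddress": "198.51.100.7", "Account": "root"},
    {"TimeGenerated": "2024-01-01T10:01:03Z", "EventID": 4625, "IpAddress": "198.51.100.7", "Account": "administrator"},
    {"TimeGenerated": "2024-01-01T10:02:00Z", "EventID": 4625, "IpAddress": "192.168.1.5", "Account": "svc-backup"},
    {"TimeGenerated": "2024-01-01T10:03:00Z", "EventID": 4625, "IpAddress": "192.0.2.44", "Account": "guest"},
]

# Constructed GeoIP lookup table standing in for the Sentinel watchlist:
# (CIDR block, country, city, latitude, longitude).
SAMPLE_GEOIP = [
    ("203.0.113.0/24", "Testland", "Exampleville", 10.0, 20.0),
    ("198.51.100.0/24", "Sampleland", "Docville", -5.5, 30.25),
]

FAILED_LOGON = 4625

# Hand-rolled RFC 1918/loopback/link-local check instead of ip_address().is_global,
# because is_global also rejects the documentation ranges used in the sample data.
_INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip: str) -> bool:
    """True for addresses that cannot be an internet-side attacker (VNet noise)."""
    addr = ip_address(ip)
    return any(addr in net for net in _INTERNAL_NETS)


def geolocate(ip: str, table):
    """Longest-prefix match of ip against the GeoIP table; None when no block matches."""
    addr = ip_address(ip)
    best = None
    for cidr, country, city, lat, lon in table:
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, country, city, lat, lon)
    return None if best is None else best[1:]


def build_attack_map(events, geoip):
    """Aggregate external failed logons per source IP and attach map coordinates.

    Sources the GeoIP table cannot resolve are kept with country 'unknown'
    rather than dropped, so the map's totals still match the log counts.
    """
    attempts = Counter()
    accounts = defaultdict(set)
    for ev in events:
        if ev["EventID"] != FAILED_LOGON or is_internal(ev["IpAddress"]):
            continue
        attempts[ev["IpAddress"]] += 1
        accounts[ev["IpAddress"]].add(ev["Account"])

    points = []
    for ip, n in attempts.items():
        geo = geolocate(ip, geoip)
        country, city, lat, lon = geo if geo else ("unknown", "unknown", None, None)
        points.append({"ip": ip, "attempts": n, "accounts": sorted(accounts[ip]),
                       "country": country, "city": city, "lat": lat, "lon": lon})
    # Busiest sources first; IP as tie-breaker keeps the output deterministic.
    return sorted(points, key=lambda p: (-p["attempts"], p["ip"]))


def top_targeted_accounts(events, n=5):
    """Most-tried usernames among external failed logons, ties broken alphabetically."""
    c = Counter(ev["Account"] for ev in events
                if ev["EventID"] == FAILED_LOGON and not is_internal(ev["IpAddress"]))
    return sorted(c.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    for p in build_attack_map(SAMPLE_EVENTS, SAMPLE_GEOIP):
        print(f'{p["ip"]:>15} {p["attempts"]:>3} {p["country"]:<10} {p["city"]:<12} {p["accounts"]}')
    print("most targeted accounts:", top_targeted_accounts(SAMPLE_EVENTS))
```

Two choices here carry over to the real Sentinel workbook: filter out the VNet's own address space before counting, otherwise the map reports the VM's neighbours and Azure health probes as attackers; and keep sources that the GeoIP data cannot resolve as an explicit "unknown" bucket, so the map's totals reconcile with the raw SecurityEvent counts instead of silently shrinking.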