karansoni8/README.md

Hi, I'm Karan Soni

IT Support → SOC | Building detection labs, documenting everything.



🔭 What I'm Building

| Project | Stack | Status |
| --- | --- | --- |
| SOC Detection Lab | Elastic SIEM · Fleet · Sysmon · KQL | ✅ Live |
| Active Directory Attack Lab | Windows Server · AD DS · BloodHound | 🔨 In Progress |
| PowerShell IT Automation | PowerShell · AD · Azure AD | 🔨 In Progress |

πŸ› οΈ Tech Stack

Security & SIEM: Elastic Stack · Kibana · Sysmon

Infrastructure: Active Directory · Azure AD · Windows Server

Scripting & Networking: PowerShell · Linux · CCNA


📌 Currently

  • 🔭 Expanding SOC lab with MITRE ATT&CK framework detection mapping
  • 📖 Studying for Cisco CCNA
  • 🎯 Targeting SOC Analyst / IT Security roles in Ontario, Canada

🧱 Featured Lab — SOC Detection Pipeline

```text
Windows 10 (Sysmon + Elastic Agent)
    ↓ enroll/policy
  Fleet Server
    ↓ ingest
  Elasticsearch
    ↓ search/visualize
  Kibana Security → Alerts → Triage → Incident Report
```

(Fleet Server only handles agent enrollment and policy distribution; the Elastic Agent ships Sysmon events directly to Elasticsearch, so Fleet Server being down stops policy updates, not ingestion.)

3 custom KQL detections · 1 full incident report (INC-0001) · Full architecture + troubleshooting docs

→ View the full lab →
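As an added example (not code from the lab or its repository), the "custom KQL detections mapped to MITRE ATT&CK" idea worked through in Python: each rule records the KQL a custom Kibana Security rule would use and implements the same logic as a predicate, then all rules are run over constructed, ECS-shaped Sysmon events. The sample events, the host and user names, the `winlog.event_data.*` field paths, and the specific three detections are assumptions of this example, not the lab's actual rules.

```python
"""Three Sysmon detections run offline over constructed ECS-shaped events.
Added example, not the lab's own code: each rule carries the KQL a custom Kibana
Security rule would use (documentation only) and a Python predicate with the same
logic. The winlog.event_data.* paths are an assumption about the Elastic Sysmon
integration's layout of raw Sysmon fields; sample events are constructed."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Callable

Event = dict[str, object]
# Constructed sample events. Sysmon Event ID 1 = process create, 10 = process access.
SAMPLE_EVENTS: list[Event] = [
    {   # Word spawning hidden, encoded PowerShell -> should fire T1059.001 and T1566.001
        "event.code": "1", "host.name": "WIN10-LAB", "user.name": "alice",
        "process.name": "powershell.exe", "process.parent.name": "WINWORD.EXE",
        "process.command_line": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    },
    {   # Service-launched backup script -> benign, no alert expected
        "event.code": "1", "host.name": "WIN10-LAB", "user.name": "SYSTEM",
        "process.name": "powershell.exe", "process.parent.name": "svchost.exe",
        "process.command_line": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    },
    {   # procdump opening LSASS with full access -> should fire T1003.001
        "event.code": "10", "host.name": "WIN10-LAB", "user.name": "alice",
        "process.name": "procdump64.exe",
        "winlog.event_data.TargetImage": "C:\\Windows\\system32\\lsass.exe",
        "winlog.event_data.GrantedAccess": "0x1FFFFF",
    },
    {   # Defender engine reading LSASS -> expected reader, allow-listed
        "event.code": "10", "host.name": "WIN10-LAB", "user.name": "SYSTEM",
        "process.name": "MsMpEng.exe",
        "winlog.event_data.TargetImage": "C:\\Windows\\system32\\lsass.exe",
        "winlog.event_data.GrantedAccess": "0x1010",
    },
]

@dataclass(frozen=True)
class Detection:
    name: str
    technique: str                  # MITRE ATT&CK technique ID the rule maps to
    kql: str                        # equivalent Kibana KQL, kept for documentation
    match: Callable[[Event], bool]  # same logic, runnable here

def _lower(ev: Event, key: str) -> str:
    return str(ev.get(key, "")).lower()

# 1. PowerShell with an encoded command. PowerShell accepts any unambiguous
#    prefix of -EncodedCommand, so the short forms must match too.
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s", re.IGNORECASE)

def encoded_powershell(ev: Event) -> bool:
    return (ev.get("event.code") == "1"
            and _lower(ev, "process.name") == "powershell.exe"
            and ENC_FLAG.search(str(ev.get("process.command_line", ""))) is not None)

# 2. Office application spawning a shell or scripting host.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def office_spawns_shell(ev: Event) -> bool:
    return (ev.get("event.code") == "1"
            and _lower(ev, "process.parent.name") in OFFICE
            and _lower(ev, "process.name") in SHELLS)

# 3. LSASS opened with PROCESS_VM_READ (0x10) by a process that is not an expected
#    reader. GrantedAccess is a hex string, so the bitmask test is done in Python.
EXPECTED_LSASS_READERS = {"msmpeng.exe", "csrss.exe", "wininit.exe", "lsass.exe"}

def lsass_read_access(ev: Event) -> bool:
    if ev.get("event.code") != "10":
        return False
    if not _lower(ev, "winlog.event_data.TargetImage").endswith("\\lsass.exe"):
        return False
    granted = int(str(ev.get("winlog.event_data.GrantedAccess", "0x0")), 16)
    return bool(granted & 0x10) and _lower(ev, "process.name") not in EXPECTED_LSASS_READERS

DETECTIONS: list[Detection] = [
    Detection("Encoded PowerShell command", "T1059.001",
              'event.code:1 and process.name:"powershell.exe" and process.command_line:(*-enc* or *-EncodedCommand*)',
              encoded_powershell),
    Detection("Office app spawned shell", "T1566.001",   # T1204.002 is the other common mapping
              'event.code:1 and process.parent.name:(winword.exe or excel.exe or powerpnt.exe or outlook.exe) '
              'and process.name:(cmd.exe or powershell.exe or wscript.exe or cscript.exe or mshta.exe)',
              office_spawns_shell),
    Detection("LSASS memory access", "T1003.001",
              'event.code:10 and winlog.event_data.TargetImage:*lsass.exe '
              'and not process.name:(MsMpEng.exe or csrss.exe or wininit.exe or lsass.exe)',
              lsass_read_access),
]

def run_detections(events: list[Event], detections: list[Detection] = DETECTIONS) -> list[dict]:
    """One alert per (event, rule) hit, in event order then rule order."""
    return [{"rule": d.name, "technique": d.technique, "host": ev.get("host.name"),
             "user": ev.get("user.name"), "process": ev.get("process.name")}
            for ev in events for d in detections if d.match(ev)]
```

Calling `run_detections(SAMPLE_EVENTS)` yields three alerts (two from the Word-spawned encoded PowerShell event, one from the procdump LSASS access) and none for the backup script or Defender events. Keeping the KQL text beside the predicate is what makes the rule reviewable: the allow-list in rule 3 is the part most likely to drift from the Kibana rule, so it is worth checking both copies when a new expected LSASS reader (for example a backup agent) is added.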


Open to IT support, helpdesk, and cybersecurity opportunities across Ontario.

Pinned

  1. soc-lab-elastic-sysmon (Public)

    SOC detection lab using Elastic SIEM + Fleet + Sysmon with detections, alerts, incident write-ups, and troubleshooting.
