RETURN_TO_INDEX
[OP_02]// PERSONAL LAB // ra-sys-io/GitHub

Wazuh Home Lab — SIEM/XDR

Four-machine home lab built around Wazuh. An Ubuntu-hosted SIEM/XDR watches a Docker-based Debian web server running OWASP Juice Shop. Windows 11 endpoint and Kali attacker are next on the roadmap.

YEAR
2025
DURATION
In progress
ROLE
Solo — Architect → Deploy → Instrument → Attack Sim (WIP)
SCOPE
Wazuh SIEM/XDR · 4-VM architecture · Docker · OWASP Juice Shop
4-VM
ARCHITECTURE
6
MILESTONES_DONE
WIP
ROADMAP_ACTIVE
[01]

Briefing

Purpose: build a hands-on SOC learning environment that covers the full detection lifecycle — log ingest → detect → triage → respond. Wazuh gives me an open-source, fully-inspectable SIEM/XDR stack to grow with.

[02]

Approach

  1. 01Architecture: designed a 4-machine model — Wazuh Server (SIEM), Debian web server (target), Windows 11 endpoint (planned), Kali Linux (attacker).
  2. 02SIEM stack: deployed Wazuh Manager + Indexer + Dashboard on Ubuntu Server. All three components healthy and reachable.
  3. 03Target build-out: stood up Debian web server, hardened, then layered Docker, an NGINX reverse proxy, and OWASP Juice Shop as a purposely-vulnerable web app for detection practice.
  4. 04Agent instrumentation: installed and configured the Wazuh Agent on the web server. Logs flow into the SIEM in real time.
  5. 05Next milestones (roadmap): Windows 11 + Sysmon, Kali attacker, Suricata NIDS, custom Wazuh rules, web + Windows attack simulations, threat hunting scenarios, MITRE ATT&CK mapping, and active response.
[03]

Outcome

  • Fully-deployed Wazuh SIEM/XDR platform (Manager + Indexer + Dashboard) on Ubuntu.
  • Debian web server operational with Docker + NGINX reverse proxy fronting OWASP Juice Shop.
  • Wazuh Agent instrumented and reporting; SIEM ingesting live web-server telemetry.
  • Architecture diagram and step-by-step deployment guides committed to the repo for reproducibility.
[04]

Testimonial

“SIEM isn't just a tool — it's a discipline. This lab is where the discipline gets its reps.”

— Notes // Richie Akpan
RA_SYS. // RICHIE_AKPAN
security.txt
© 2026 // ALL_SIGNALS_ENCRYPTED