Security Operations Center (SOC) Development for Metropolia Cybersecurity Courses
Shen, Jun (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025053018417
Abstract
The cybersecurity courses at Metropolia University of Applied Sciences require a Security Operations Center. The objective of this final year project was to build a Security Operations Center for use in those courses for educational purposes. The Security Operations Center monitors, filters and analyzes network traffic to protect network security. The courses required that the Security Operations Center operate in a virtual environment. The virtual environment is based on Proxmox.
The chosen solution for the Security Operations Center uses Security Onion, a platform that integrates the functions of network defense and monitoring tools.
Building the Security Operations Center involved installing and configuring Security Onion. Security Onion was installed in a virtual machine on Proxmox. It was configured with a login account, an IP address and gateway, an accessible range of hosts, and other related information. After the configuration, operators were able to access the Security Onion platform at the configured IP address on the local network. Once the Security Operations Center was built, Security Onion was able to capture data from other local hosts. The Security Onion platform displays this data so that operators can investigate the network traffic.
In conclusion, the Security Operations Center for the cybersecurity courses at Metropolia UAS was built by installing and configuring Security Onion. The Security Operations Center performs essential functions. However, the configuration of Security Onion needs to be fine-tuned to display alerts effectively.