OT SOC-in-a-Box
A containerized Security Operations Center built for industrial control systems (OT/ICS). It simulates a complete OT environment aligned with the Purdue Model and features a 7-phase attack simulation, custom Suricata IDS rules, Wazuh correlation rules, and automated incident response via SOAR. Detections are mapped to MITRE ATT&CK for ICS, NIST SP 800-82, and ISA/IEC 62443.
Key Features:
- Full OT/ICS environment simulation aligned with the Purdue Model
- 7-phase attack simulation pipeline
- Custom Suricata IDS rules for OT protocol anomaly detection
- Wazuh correlation rules for cross-layer threat detection
- Automated incident response via SOAR playbooks
- Detection coverage mapped to MITRE ATT&CK for ICS, NIST SP 800-82, and ISA/IEC 62443
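The kind of OT protocol anomaly the Suricata and Wazuh rules above are meant to catch is easier to reason about when the decision logic is spelled out. The following is an added example written for this page, not code from the OT SOC-in-a-Box project: it decodes raw Modbus/TCP frames, identifies state-changing function codes (writes to coils and registers) and alerts when a write does not come from an allowlisted engineering workstation, the same Purdue-Model assumption an IDS rule or correlation rule would encode. The IP addresses, the allowlist, the sample frames and the ATT&CK for ICS mapping chosen for the alert are all constructed for the example.

```python
"""Added example: detection logic for unauthorized Modbus/TCP write commands.

Illustrative code written for this page, not part of the OT SOC-in-a-Box
project. All IP addresses and frames below are constructed for the example.
"""
import struct

# Modbus function codes that change controller state (coils/registers).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Hypothetical Purdue Level 2 engineering workstations permitted to write.
ALLOWED_WRITERS = {"10.2.0.10"}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the MBAP header and function code of a Modbus/TCP frame.

    MBAP layout: transaction id (2), protocol id (2, always 0 for Modbus),
    length (2, number of bytes following the length field), unit id (1);
    the PDU then starts with a one-byte function code.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus/TCP")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}


def detect_unauthorized_writes(flows, allowed_writers=ALLOWED_WRITERS):
    """Return alerts for writes from non-allowlisted hosts and for malformed frames.

    `flows` is an iterable of (src_ip, dst_ip, frame_bytes) tuples, as a
    sensor would hand them over after TCP reassembly.
    """
    alerts = []
    for src_ip, dst_ip, frame in flows:
        try:
            pdu = parse_modbus_tcp(frame)
        except ValueError as exc:
            # Malformed traffic on the Modbus port is itself worth a look.
            alerts.append({"src": src_ip, "dst": dst_ip, "function": None,
                           "reason": f"malformed frame: {exc}", "technique": None})
            continue
        fc = pdu["function"]
        if fc in WRITE_FUNCTIONS and src_ip not in allowed_writers:
            alerts.append({"src": src_ip, "dst": dst_ip, "function": fc,
                           "reason": f"{WRITE_FUNCTIONS[fc]} from non-engineering host",
                           # ATT&CK for ICS technique chosen here for unsanctioned control commands.
                           "technique": "T0855 Unauthorized Command Message"})
    return alerts


def build_frame(tid: int, unit: int, pdu: bytes, proto: int = 0) -> bytes:
    """Assemble an MBAP header around a PDU (length field = unit id + PDU)."""
    return struct.pack(">HHHB", tid, proto, len(pdu) + 1, unit) + pdu


# Constructed sample traffic toward a PLC at 10.2.0.100.
PLC = "10.2.0.100"
SAMPLE_FLOWS = [
    # Engineering workstation writes register 0x0010 := 0x00FF (FC 6): allowed.
    ("10.2.0.10", PLC, build_frame(1, 1, bytes([6, 0x00, 0x10, 0x00, 0xFF]))),
    # HMI-range host reads 10 holding registers (FC 3): benign.
    ("10.2.0.55", PLC, build_frame(2, 1, bytes([3, 0x00, 0x00, 0x00, 0x0A]))),
    # Same host issues Write Single Coil (FC 5): alert.
    ("10.2.0.55", PLC, build_frame(3, 1, bytes([5, 0x00, 0x01, 0xFF, 0x00]))),
    # Non-zero protocol id on the Modbus port: alert as malformed.
    ("10.2.0.77", PLC, build_frame(4, 1, bytes([16, 0x00, 0x00]), proto=0x1234)),
]


def run_demo():
    return detect_unauthorized_writes(SAMPLE_FLOWS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running the script prints two alerts: the coil write from 10.2.0.55 and the malformed frame from 10.2.0.77, while the authorized write and the read pass silently. In a deployment like the one described above the same decision is split across layers: the protocol decode and function-code match belong in the network IDS rule, and the "who is allowed to write to which PLC" question belongs in the correlation layer, where asset inventory and Purdue zone membership are known.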