A containerized Security Operations Center built for industrial control systems (OT/ICS). It simulates a complete OT environment aligned with the Purdue Model and features a 7-phase attack simulation, custom Suricata IDS rules, Wazuh correlation rules, and automated incident response via SOAR. Detections are mapped to MITRE ATT&CK for ICS, NIST SP 800-82, and ISA/IEC 62443.

Key Features:

• Full OT/ICS environment simulation aligned with the Purdue Model
• 7-phase attack simulation pipeline
• Custom Suricata IDS rules for OT protocol anomaly detection
• Wazuh correlation rules for cross-layer threat detection
• Automated incident response via SOAR playbooks
• Detection coverage mapped to MITRE ATT&CK for ICS, NIST SP 800-82, and ISA/IEC 62443