I’m building hands-on SOC projects focused on endpoint telemetry → SIEM detections → alert triage → incident write-ups.
SOC Detection Lab (Elastic SIEM + Fleet + Sysmon)
Repo: https://github.com/karansoni8/soc-lab-elastic-sysmon
What I built:
- Windows Sysmon telemetry shipped via Elastic Agent + Fleet
- Custom detections (KQL) + alert validation
- Triage workflow + incident report writeups
- Troubleshooting notes (ports, services, agents)
Tech: Elastic Stack, Kibana Security, Fleet, Sysmon, Windows, Linux, KQL
LinkedIn: https://www.linkedin.com/in/karan-soni-4b56a11b4/