ESH-SOC

The ESH-SOC is a commercial Security Operations Center operated by and within the Eindhoven University of Technology. The ESH-SOC's ambition is to integrate research and education with security operations in both IT and IoT/OT settings. To ensure timely and accurate detection of threats and attacks against its customer base, the ESH-SOC focuses on two main activities:

  • Development and improvement of state-of-the-art detection tools and techniques: this involves, for example, developing attack signatures for Zeek/Suricata threat detection, building Kibana dashboards and security playbooks, tuning the ELK platform, and integrating threat intelligence. Students may, if they wish, express a preference to work primarily on the threat-detection technology (IDS systems) or on the infrastructure (ELK backend).
  • Security monitoring: this activity concerns the use of the aforementioned technologies to support the detection and investigation of security incidents in the monitored environments. This includes the (live or forensic) analysis of security events, identification of affected assets, reconstruction and reporting of how an attack developed, and assessment of its (system) impact.
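The two activities meet in the SOC pipeline: signatures and threat intelligence produce events, and analysts turn those events into a list of affected assets. The example below is added here to illustrate that step and is not ESH-SOC code; it correlates Suricata EVE JSON alerts and Zeek conn.log records against an indicator list. All log lines, IP addresses, signature names and indicators are constructed, and the 10.0.0.0/8 monitored range, the `THREAT_INTEL` table and the function names are assumptions of the example.

```python
"""Rule- and intel-based triage over constructed Suricata and Zeek data.

Added illustration, not ESH-SOC code. All indicators, IPs and log lines are
constructed; the 10.0.0.0/8 monitored range is an assumption of the example.
"""
import ipaddress
import json
from collections import defaultdict

# Assumed monitored address space (hypothetical).
MONITORED = ipaddress.ip_network("10.0.0.0/8")

# Constructed threat-intel indicators: peer IP -> tag and analyst confidence.
THREAT_INTEL = {
    "203.0.113.10": {"tag": "c2-server", "confidence": 90},
    "198.51.100.7": {"tag": "scanner", "confidence": 60},
}

# Constructed Suricata EVE JSON output, one record per line. The "flow"
# record is there to show that non-alert event types are skipped.
SURICATA_EVE = """\
{"timestamp":"2022-01-28T08:00:01.000000+0100","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":443,"alert":{"signature_id":2000001,"signature":"ET MALWARE Example beacon","severity":1}}
{"timestamp":"2022-01-28T08:00:02.000000+0100","event_type":"flow","src_ip":"10.0.0.8","src_port":40000,"dest_ip":"192.0.2.1","dest_port":80}
{"timestamp":"2022-01-28T08:00:03.000000+0100","event_type":"alert","src_ip":"198.51.100.7","src_port":4444,"dest_ip":"10.0.0.9","dest_port":22,"alert":{"signature_id":2000002,"signature":"ET SCAN Example SSH scan","severity":2}}
"""

# Constructed Zeek conn.log in its default TSV layout (#fields header reduced
# to the columns used here; "-" is Zeek's marker for an unset value).
ZEEK_CONN = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration\torig_bytes\tresp_bytes
1643353201.0\tCabc1\t10.0.0.5\t51234\t203.0.113.10\t443\ttcp\t1.5\t2048\t512
1643353202.0\tCabc2\t10.0.0.8\t40000\t192.0.2.1\t80\ttcp\t0.3\t300\t10240
1643353203.0\tCabc3\t10.0.0.5\t51240\t203.0.113.10\t443\ttcp\t-\t2100\t-
"""


def parse_eve_alerts(text):
    """Yield only the alert records from Suricata EVE JSON output."""
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") == "alert":
            yield rec


def parse_zeek_conn(text):
    """Yield Zeek conn.log rows as dicts keyed by the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            yield dict(zip(fields, line.split("\t")))


def zeek_int(value):
    """Zeek writes '-' for unset counters; treat that as zero."""
    return 0 if value == "-" else int(value)


def is_monitored(ip):
    return ipaddress.ip_address(ip) in MONITORED


def endpoints(a, b):
    """Both orientations of a flow as (asset candidate, peer) pairs."""
    return ((a, b), (b, a))


def correlate(eve_text, conn_text, intel):
    """Map each monitored asset to the alerts, intel tags and flow volume that
    implicate it. Hosts with neither an alert nor an intel hit are left out,
    so the result is the list of affected assets an analyst should look at."""
    findings = defaultdict(
        lambda: {"alerts": [], "intel": set(), "flows": 0, "bytes_out": 0}
    )
    for rec in parse_eve_alerts(eve_text):
        for asset, peer in endpoints(rec["src_ip"], rec["dest_ip"]):
            if is_monitored(asset):
                findings[asset]["alerts"].append(rec["alert"]["signature"])
                if peer in intel:
                    findings[asset]["intel"].add(intel[peer]["tag"])
    for row in parse_zeek_conn(conn_text):
        for asset, peer in endpoints(row["id.orig_h"], row["id.resp_h"]):
            if is_monitored(asset) and peer in intel:
                f = findings[asset]
                f["intel"].add(intel[peer]["tag"])
                f["flows"] += 1
                if asset == row["id.orig_h"]:  # the asset initiated the flow
                    f["bytes_out"] += zeek_int(row["orig_bytes"])
    return dict(findings)


def triage_order(findings):
    """Assets ordered for investigation: most alerts first, then most data out."""
    return sorted(
        findings,
        key=lambda a: (len(findings[a]["alerts"]), findings[a]["bytes_out"]),
        reverse=True,
    )


if __name__ == "__main__":
    result = correlate(SURICATA_EVE, ZEEK_CONN, THREAT_INTEL)
    for asset in triage_order(result):
        print(asset, result[asset])
```

On the constructed input, 10.0.0.5 is reported with one alert, the `c2-server` tag, two flows to the indicator and 4148 bytes sent, 10.0.0.9 with one alert and the `scanner` tag, and 10.0.0.8 is not reported at all because its only traffic is a plain flow to an address that matches neither a signature nor an indicator. In a real deployment the indicator table would come from a feed and the two inputs from the ELK backend, but the shape of the work is the same.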

SOC architecture

Internship

Security monitoring and analysis; technology development and security operations at the ESH-SOC

All assignments offered by the ESH-SOC span both domains and offer students the opportunity to focus on one aspect of development (e.g. infrastructure/backend, use-case development) while having a deep-dive in security operations through monitoring activities. This setup allows the student to specialize in a specific set of skills and expertise, while not losing sight of the broader context and processes in which those technologies operate.

  • Tools, methods, and concepts that are relevant to this project: Security Onion, Elastic Stack, Kibana, Suricata, Zeek, intrusion detection methods (rule/anomaly-based), threat intelligence.
  • Some expertise in at least one of the above tools/methods/concepts is required. The ability to work in a team is a must.
  • The expected outcome for the student: develop in-depth knowledge and expertise on technologies for security monitoring; build substantial expertise as a security analyst capable of recognizing, investigating, contextualizing, and reporting relevant security incidents.
  • Contact Luca Allodi (l.allodi@tue.nl) for details on available projects.
esh-soc.1643353715.txt.gz · Last modified: 2022/01/28 08:08 by ggankhuyag