SOC-in-a-Box is a fully pre-configured Security Operations Center virtual machine.
What's running inside:
Wazuh — SIEM and EDR with pre-built detection rules, endpoint monitoring, and real-time alerting
DFIR-IRIS — Incident response case management with timeline analysis, IOC tracking, and evidence logging
MISP — Threat intelligence platform pre-integrated with Wazuh for automatic IOC enrichment
Grafana — Pre-built SOC dashboards visualizing alerts, system health, and trends