/2019-DC-DFIR

2019 Bachelor student project: An implementation of multiple security platforms with automatic deployment that requires little to no configuration to become functional, resulting in a set of operational security collaboration tools fit for a Security Operation Center. Thesis: https://hdl.handle.net/11250/2976415

2019 Distributed collaborative analytics environment for Digital Forensics and Incident Response

An implementation of multiple security platforms with automatic deployment that requires little to no configuration to become functional. The result is a set of operational security collaboration tools fit for a Security Operation Center (SOC). The environment runs in OpenStack instances and includes configuration and deployment of Ansible, Kubernetes, Docker, TheHive, Ghidra SRE, MISP, Autopsy, ElasticSearch, MariaDB, Solr, ActiveMQ, and NFS.

The platform is written as Infrastructure as Code (IaC) to simplify configuration and deployment of all the services mentioned above. The result is a platform that makes it easier to implement, manage, and scale security tools.

Thesis location (Norwegian): https://ntnuopen.ntnu.no/ntnu-xmlui/handle/11250/2976415