SOC Documentation

Here lies the documentation of the student-run Security Operations Center at the California Polytechnic State University, Pomona.

Contents:

  • Volunteering Opportunities
    • 📚 Contribute to Our Documentation!
  • Getting Started (Updated August 2025)
    • Introduction
    • VPN Access Setup
    • Accessing Kamino
  • Splunk
    • What you can do with Splunk:
    • How to set up a Splunk Server
    • How to set up the Splunk Universal Forwarder
    • How to set up a Splunk Deployment Server
  • Splunk Lab
    • Overview
    • Lab Structure
    • Setup
    • Tips
    • Task 1 - Setting up Splunk Enterprise Server
    • Task 2 - Forwarding Logs from a Windows Machine to your Splunk Server
    • Task 3 - Forwarding Logs from an Ubuntu Client to your Splunk Server
    • Task 4 - Generating Custom Log Sources
    • Task 5 - Custom Indexes
    • What’s next?
  • AD + Splunk Lab
    • Introduction
    • Lab Objectives
    • Requirements
    • Primary Domain Controller
    • Windows Client - 1
  • Missile Map
    • Background
    • Initial Challenges with VPN Log Queries
    • Portal Types Overview
    • Security Concerns with the Legacy Portal
    • Improved Log Fingerprinting for True Successes
    • Missile Map Implementation (Geographic VPN Visualization)
    • Data Anomalies & Lessons Learned
    • Summary
© Copyright 2025, CPP Student Security Operations Center.