The Simple Series: Python Tools for Blue Team Triage
Building detection tools before landing a security job is one way to close the experience gap. The Simple series came out of that approach. Three Python CLI tools, each solving a specific triage problem, each designed to be small enough to understand completely and useful enough to run against real data. Simple Phishing Analyzer Phishing…
Linux Security Monitoring with OpenSCAP and Splunk
A few months ago I started building out a home lab focused on detection engineering. This project covers Linux SIEM monitoring with Splunk and OpenSCAP on a hardened Ubuntu 24.04 VM with detections mapped to MITRE ATT&CK. The starting point is OpenSCAP, an open source tool that evaluates a system against a security benchmark and…
Building a Threat Intelligence Dashboard in Splunk with AlienVault OTX
For the ECA Cyber Range Splunk Security Dashboard Challenge, I built a CTI dashboard that correlates AlienVault OTX threat intelligence against live Sysmon endpoint telemetry. The idea is simple. OTX publishes malicious IPs, domains, file hashes, and adversary TTPs. Sysmon captures everything happening on your Windows endpoints. The dashboard joins those two data sources and…
Suricata ET Noise
A couple of weeks ago I installed an intrusion detection system, Suricata, on my home network to see if anything interesting showed up through Splunk. Now, my goal isn’t to monitor every single website that my family uses. Rather, it is to see if the host devices are doing anything that they should not be doing. I started off…
Installing a NIDS on a Raspberry PI 4 with Splunk Dashboard
Over the weekend, I noticed I had a spare Raspberry Pi lying around (actually, several Pis) and installed Suricata as a NIDS on it. This is a fresh install of Ubuntu 25.10 on a Raspberry Pi 4B 4 GB sudo apt update sudo apt upgrade sudo apt install -y suricata suricata -V Edit /etc/suricata/suricata.json Put…