Philip Zangara

SOC Analyst | Blue Team · Detection Engineering | Splunk · Suricata · MITRE ATT&CK

  • Building a Threat Intelligence Dashboard in Splunk with AlienVault OTX

    For the ECA Cyber Range Splunk Security Dashboard Challenge, I built a CTI dashboard that correlates AlienVault OTX threat intelligence against live Sysmon endpoint telemetry. The idea is simple. OTX publishes malicious IPs, domains, file hashes, and adversary TTPs. Sysmon captures everything happening on your Windows endpoints. The dashboard joins those two data sources and…

  • Suricata ET Noise

    A couple of weeks ago I installed an intrusion detection system, Suricata, on my home network to see if anything interesting showed up through Splunk. Now, my goal isn’t to monitor every single website that my family uses. Rather, it is to see whether the host devices are doing anything they should not be doing. I started off…

  • Installing a NIDS on a Raspberry PI 4 with Splunk Dashboard

    Over the weekend, I noticed I had a spare Raspberry Pi lying around (actually, several Pis) and installed Suricata as a NIDS on it. This is a fresh install of Ubuntu 25.10 on a Raspberry Pi 4B 4 GB: sudo apt update; sudo apt upgrade; sudo apt install -y suricata; suricata -V. Edit /etc/suricata/suricata.json. Put…

About me

I build detection infrastructure and hunt threats in my home lab because I want to understand what’s actually on a network, not just what the tools say.

My work includes a Splunk CTI dashboard correlating AlienVault OTX threat intelligence against live Sysmon telemetry, and a Suricata NIDS on a Raspberry Pi 4 forwarding alerts to Splunk via a port-mirrored switch.

Currently seeking SOC Analyst and MDR roles focused on detection engineering and incident response.