Most security training is watching someone else do the work.
This isn't that.
Pull down the new lab and in a couple of hours you'll have:
- Stood up a production-shape Wazuh SIEM on AWS — 20 minutes, one script
- Run a controlled attack and investigated the chain manually in the dashboard
- Plugged an AI layer on top and re-run the same investigation in plain English
- Hunted for the three persistence backdoors the CloudVault attacker left in Course 2
- Written a custom detection rule that fires live on your own terminal
- Closed out a fresh incident with an evidence package for the SOC 2 audit
That's a week of work for most real teams. It's a resume line most SOC analysts I talk to can't claim. It's the "I actually built that" answer nobody else has in interviews.
"Start Here" and "AI Quick Wins" were the setup. This is the payoff — a real engagement where you stand up the SIEM, work the case, hunt what's left behind, close it out. If you haven't done the first two yet, run them first; ~30 minutes, and this one lands harder on the other side. You're working the case alongside an AI-powered senior SOC peer (Mateo) — he stays in character, teaches while you work, and gets out of your way when you've got it. Costs about a coffee in AWS compute.
First public beta. If something breaks, feels off, or just confuses you — tell me:
- #Build Questions here in Skool (fastest)
- DM me
Go build. Tell me what you find.
— Josh