I will set up a SOC ecosystem with Wazuh, TheHive, Cortex, and MISP
n8n and AI Workflow Automation Specialist
About this Gig
I help build and improve defensive SOC/SOAR workflows using Wazuh, TheHive, Cortex, MISP, telemetry sources, detection logic, threat enrichment, dashboards, and analyst-ready documentation.
I can help with Wazuh SIEM/XDR setup, TheHive alert/case workflows, Cortex analyzer planning, MISP threat intelligence enrichment, endpoint/Linux/network/web/cloud log ingestion, AWS CloudTrail, GuardDuty, Sysmon, auditd, Osquery, Zeek, Suricata, Snort, detection tuning, false-positive review, alert-to-case workflows, IOC enrichment, dashboards, and SOC handoff notes.
My portfolio includes a 42+ documented AWS SOC/SOAR ecosystem connecting Wazuh, TheHive, Cortex, MISP, n8n, Slack, CloudTrail, GuardDuty, Sysmon, Zeek, Suricata, Snort, auditd, Osquery, dashboards, and MITRE ATT&CK-style investigation context.
Defensive security engineering only. Message me before ordering to confirm scope.
Cloud provider: Amazon Web Services
Cloud computing resources: Route53 • VPC • Security Groups • DNS • Other
FAQ
What SOC/SOAR tools can you work with?
I can help with defensive SOC/SOAR workflows around Wazuh, TheHive, Cortex, MISP, Slack, n8n, AWS CloudTrail, GuardDuty, Sysmon, auditd, Osquery, Zeek, Suricata, Snort, and related telemetry or case workflow tools.
Can you set up Wazuh?
Yes. I can help with Wazuh SIEM/XDR setup or improvement, agent/log onboarding, rule or decoder review, alert tuning, dashboard visibility, and documentation. The exact scope depends on your environment and access.
Can you integrate TheHive, Cortex, and MISP?
Yes, where suitable. I can help design or build TheHive alert/case workflows, Cortex analyzer workflow support, and MISP threat intelligence enrichment. Access, versions, APIs, and environment readiness must be confirmed first.
Can you ingest logs from endpoint, cloud, or network tools?
Yes. I can help plan or configure telemetry from sources such as Windows endpoints, Linux logs, AWS CloudTrail, GuardDuty, Sysmon, auditd, Osquery, Zeek, Suricata, Snort, ModSecurity, or similar tools depending on your stack.
Can you tune noisy alerts?
Yes. I can help review noisy alerts, adjust rules or thresholds where suitable, document false-positive logic, and improve signal-to-noise. Final tuning depends on your real alert data and business risk tolerance.
Is this a full production SOC deployment?
Not by default. This gig is scoped by package and environment. I can build or improve specific SOC/SOAR components, lab environments, workflows, integrations, or documentation. Full production deployment requires custom scoping.
Do you provide offensive security or hacking?
No. This gig is defensive security engineering only: SIEM, SOC/SOAR workflows, monitoring, log ingestion, detection tuning, threat intelligence enrichment, case management, dashboards, and documentation.
Will you need access to my systems?
Implementation usually needs limited, approved access, a test environment, sample logs, API details, or screen-shared guidance. If access cannot be shared, I can work from sanitized data and provide architecture, workflow logic, and documentation.
Can you build this in AWS?
Yes. My portfolio includes an AWS-based SOC/SOAR ecosystem using Wazuh, TheHive, Cortex, MISP, CloudTrail, GuardDuty, telemetry sources, dashboards, and investigation workflows. Your AWS scope must be confirmed before ordering.
What should I send before ordering?
Send your tool stack, current SOC/SIEM setup, OS/cloud environment, log sources, goals, sample sanitized alerts/logs, integration needs, and whether you need planning, setup, tuning, case workflow, enrichment, or documentation.