6 Services · 15 min Full Deploy Time · Docker Orchestration · Portable: Any Linux Host

Problem

Standing up a full SOC stack from scratch takes days of manual installation and configuration. For lab environments, disaster recovery testing, and rapid deployment scenarios, a containerized stack that can be deployed in 15 minutes provides enormous value.

Docker Compose Architecture

# docker-compose.yml structure (service bodies omitted; only the layout is shown)
services:
  wazuh-manager:      # HIDS + SIEM rule engine
  wazuh-indexer:      # Elasticsearch-based storage
  wazuh-dashboard:    # Kibana-based investigation UI
  thehive:            # Case management platform
  cortex:             # Automated analysis (VT, MISP lookups)
  misp:               # Threat intelligence sharing

networks:
  soc-network:        # Isolated internal network
  management:         # Admin access only

volumes:              # Named volumes are mapping keys, so each needs a trailing colon
  wazuh-data:
  elasticsearch-data:
  thehive-data:
  misp-data:
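The two-network split above is where the isolation actually comes from, so here is an added example (not the repository's docker-compose.yml) of how it looks for two of the services: the indexer lives only on a non-routable internal network with no published port, while the dashboard also joins the management network and publishes its UI on the loopback interface only. Image tags are placeholders, and the volume path and dashboard port 5601 are assumptions based on the official Wazuh container images.

```yaml
# Added example, not the project's own compose file.
services:
  wazuh-indexer:
    image: wazuh/wazuh-indexer:<version>   # placeholder tag, pin the release you deploy
    networks:
      - soc-network                        # reachable only from other stack members
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer   # assumed data path
    # Weak form to avoid: publishing the datastore to every host interface.
    # ports:
    #   - "9200:9200"
    # Hardened form: no "ports:" entry at all; 9200 stays inside soc-network.

  wazuh-dashboard:
    image: wazuh/wazuh-dashboard:<version>  # placeholder tag
    depends_on:
      - wazuh-indexer
    networks:
      - soc-network                        # talks to the indexer here
      - management                         # admin access path
    ports:
      - "127.0.0.1:443:5601"               # loopback only; reach it via SSH tunnel or a reverse proxy
                                           # (5601 is the assumed container listen port)

networks:
  soc-network:
    internal: true     # no default gateway: members cannot reach the internet and
                       # nothing outside the Docker host can route to them
  management: {}       # regular bridge network used only for the admin-facing service

volumes:
  wazuh-indexer-data:
```

Services that must fetch feeds or query external analyzers (MISP, Cortex) cannot sit solely on an `internal: true` network, so give those a second, routable network rather than relaxing `soc-network` for everyone.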

Deployment Commands

# Clone and deploy
git clone https://github.com/asadnoor951/dockerized-soc-stack
cd dockerized-soc-stack

# Configure environment
cp .env.example .env
vim .env  # Set passwords, API keys

# Deploy full stack
docker compose up -d

# Verify all services
docker compose ps

# Access services:
# Wazuh Dashboard: https://localhost:443
# TheHive: http://localhost:9000
# MISP: https://localhost:8443

Results

  • Full SOC stack deployment in under 15 minutes on any Linux host
  • Automated integration between Wazuh alerts and TheHive case creation
  • MISP threat intelligence feeds integrated into alert enrichment pipeline
  • Portable — runs on bare metal, VMware, Proxmox, or cloud VMs
[Screenshot: Dashboard / Architecture diagram for Dockerized Security Stack: Portable SOC Deployment with Docker Compose]