
Homemade SOC Investigation Console Built on Repurposed Dell Hardware
Tags: Cybersecurity, Threat Detection, Incident Response, MITRE, SOC, Home Lab, Elasticsearch, Kibana, Suricata, Docker, Proxmox, Atomic Red Team
A security professional has built a complete SOC investigation console using two old Dell computers. The setup includes one Dell Inspiron running Docker with Elasticsearch, Kibana, and Fleet Server, and a Dell E7250 running Proxmox with pfSense/Suricata, a Kali VM, and a Windows 10 victim machine that generates telemetry by running Atomic Red Team techniques. The system features a custom tool called Argus, which applies 96 MITRE-mapped detection rules, scores the matched behaviors, and groups them into cases, with a React-based frontend for investigation. It also integrates AI for case summaries, behavior briefings, and a hunt workbench with pre-built queries. Future plans include cross-layer correlation between Sysmon and Suricata data and a MITRE coverage map.
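The rule-scoring and case-grouping pipeline described above is the core of any console like this, so here is a minimal version of it as an added example. This is illustrative code written for this summary, not Argus's code: the rule ids, MITRE technique mappings, score weights, the 30-minute grouping window, the host names and the Sysmon-style events are all constructed. Each rule maps to an ATT&CK technique and carries a weight; hits are grouped per host into time-bounded cases whose score, technique set and severity are what an investigator would triage from.

```python
"""Minimal rule-scoring and case-grouping engine over Sysmon-style events.

Added illustration (hypothetical; not the Argus project's code). Rule ids,
scores, the grouping window and the sample events are all constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable


@dataclass(frozen=True)
class Rule:
    rule_id: str
    technique: str                  # MITRE ATT&CK technique id the rule maps to
    name: str
    score: int                      # weight added to a case when the rule fires
    match: Callable[[dict], bool]   # predicate over one normalized event


@dataclass
class Hit:
    rule: Rule
    event: dict


@dataclass
class Case:
    host: str
    start: datetime
    end: datetime
    hits: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(h.rule.score for h in self.hits)

    @property
    def techniques(self) -> set:
        return {h.rule.technique for h in self.hits}

    @property
    def severity(self) -> str:
        # Thresholds are constructed for the example.
        if self.score >= 100:
            return "critical"
        if self.score >= 50:
            return "high"
        if self.score >= 20:
            return "medium"
        return "low"


def _lower(e: dict, key: str) -> str:
    """Case-insensitive field access; missing fields become ''."""
    return str(e.get(key, "")).lower()


# Three constructed rules. event_id 1 = process creation, 10 = process access.
RULES = [
    Rule("R001", "T1059.001", "PowerShell launched with an encoded command", 40,
         lambda e: e.get("event_id") == 1
         and _lower(e, "image").endswith("powershell.exe")
         and " -enc" in _lower(e, "cmdline")),
    Rule("R002", "T1003.001", "Handle opened on lsass.exe", 80,
         lambda e: e.get("event_id") == 10
         and _lower(e, "target_image").endswith("lsass.exe")),
    Rule("R003", "T1053.005", "Scheduled task created with schtasks", 30,
         lambda e: e.get("event_id") == 1
         and _lower(e, "image").endswith("schtasks.exe")
         and "/create" in _lower(e, "cmdline")),
]

# Constructed sample telemetry in the shape a Sysmon-to-Elastic pipeline emits.
EVENTS = [
    {"ts": "2024-05-01T10:00:05", "host": "WIN10-VICTIM", "event_id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc <base64-placeholder>"},
    {"ts": "2024-05-01T10:00:40", "host": "WIN10-VICTIM", "event_id": 10,
     "image": r"C:\Temp\tool.exe", "target_image": r"C:\Windows\System32\lsass.exe"},
    {"ts": "2024-05-01T10:01:10", "host": "WIN10-VICTIM", "event_id": 1,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
    {"ts": "2024-05-01T10:05:00", "host": "FILESRV01", "event_id": 1,
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks.exe /create /tn Updater /tr C:\\Temp\\u.exe /sc minute"},
    {"ts": "2024-05-01T12:00:00", "host": "WIN10-VICTIM", "event_id": 1,
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks.exe /create /tn Backup /tr C:\\Temp\\b.exe /sc daily"},
]


def apply_rules(events: list, rules: list = RULES) -> list:
    """Run every rule over every event; one Hit per (rule, event) match."""
    return [Hit(r, e) for e in events for r in rules if r.match(e)]


def build_cases(hits: list, window: timedelta = timedelta(minutes=30)) -> list:
    """Group hits per host; a gap longer than `window` starts a new case."""
    by_host: dict = {}
    for h in hits:
        by_host.setdefault(h.event["host"], []).append(h)
    cases = []
    for host, host_hits in by_host.items():
        host_hits.sort(key=lambda h: datetime.fromisoformat(h.event["ts"]))
        current = None
        for h in host_hits:
            ts = datetime.fromisoformat(h.event["ts"])
            if current is None or ts - current.end > window:
                current = Case(host, ts, ts)
                cases.append(current)
            current.hits.append(h)
            current.end = ts
    return cases


if __name__ == "__main__":
    for c in build_cases(apply_rules(EVENTS)):
        print(f"{c.host} {c.start:%H:%M}-{c.end:%H:%M} score={c.score} "
              f"severity={c.severity} techniques={sorted(c.techniques)}")
```

On the constructed input this yields three cases: a critical one on WIN10-VICTIM combining the encoded PowerShell launch and the LSASS access within a minute of each other, a separate medium case on the same host two hours later, and a medium case on FILESRV01. The benign notepad event matches nothing and never reaches a case, which is the point of scoring behaviors rather than raw events. A real console would persist the per-case technique set so a coverage map can be drawn from it.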