

The Most Valuable Part Wasn't the Code
The most valuable part of building my AI-SOC platform wasn't Elasticsearch. It wasn't FastAPI. It wasn't even the detection engine. It was troubleshooting. During development, I encountered:
• Infrastructure instability
• VPS migration challenges (a very bad experience with Hetzner as a VPS provider)
• Authentication failures
• Elasticsearch index mismatches
• Event parsing issues
• Database persistence problems
At one point, everything appeared healthy: the API returned 200 OK. Det
Maryam Ziaee
1 min read


The Vision Behind AI-SOC with Human review
Building security tools is relatively easy. Building a platform that can detect, investigate, enrich, and explain security incidents is much harder. Over the past weeks, I started building an AI-SOC platform from the ground up. The objective is not simply to collect logs. The objective is to transform raw security telemetry into actionable intelligence. Current Phase 1 capabilities:
• Windows Event Collection
• Elasticsearch-Based Storage
• Detection Engine
• Incident Generat
Maryam Ziaee
1 min read


Building a Real-Time SOC Platform from Scratch (Detection → Alerting → Visualization)
I’ve been working on designing a lightweight SOC (Security Operations Center) platform that simulates real-world detection, alerting, and monitoring workflows. This project is not just a dashboard; it includes a full detection pipeline from log ingestion to incident visualization.
Phase 1 – Detection Engine (Elasticsearch)
I integrated the backend with Elasticsearch (Winlogbeat logs) and implemented detection logic for failed authentication events: Event ID: 4625 (Windows fa
Maryam Ziaee
2 min read
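The Event ID 4625 detection the teaser above describes, written out as an added example; this is not code from the AI-SOC project, and the author's actual detection logic is not shown on this page. It assumes Winlogbeat's ECS field names (`event.code`, `host.name`, `winlog.event_data.TargetUserName`, `winlog.event_data.IpAddress`), and the functions `failed_logon_query` and `detect_failed_logons`, the `THRESHOLD` and `WINDOW` tuning values and the sample hits are all constructed for the example. It goes one step past a plain "count 4625s" rule: it builds the Elasticsearch query a backend would issue, then runs a sliding-window count per source over the returned hits, keeps local (`IpAddress` = "-") logons from collapsing into one fake source, and distinguishes one account hammered repeatedly (brute force) from many accounts tried once each (password spray).

```python
"""Failed-logon (Windows Event ID 4625) detection over Winlogbeat documents.

Added example, not code from the AI-SOC project. Field names assume Winlogbeat's
ECS mapping (event.code, winlog.event_data.*); THRESHOLD and WINDOW are assumed
tuning values, not the project's settings.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

FAILED_LOGON = "4625"          # "An account failed to log on"
THRESHOLD = 5                  # failures from one source inside WINDOW -> incident (assumed)
WINDOW = timedelta(minutes=5)  # sliding window length (assumed)


def failed_logon_query(since: str = "now-5m", size: int = 1000) -> dict:
    """Elasticsearch query body that pulls 4625 events newer than `since`.

    Filters on the keyword field event.code rather than winlog.event_id, so the
    match does not depend on whether the event id was mapped as long or keyword.
    """
    return {
        "size": size,
        "sort": [{"@timestamp": "asc"}],
        "query": {"bool": {"filter": [
            {"term": {"event.code": FAILED_LOGON}},
            {"range": {"@timestamp": {"gte": since}}},
        ]}},
        "_source": ["@timestamp", "host.name", "event.code",
                    "winlog.event_data.TargetUserName",
                    "winlog.event_data.IpAddress",
                    "winlog.event_data.LogonType"],
    }


def _parse_ts(value: str) -> datetime:
    """Winlogbeat writes RFC 3339 with a trailing Z; fromisoformat wants an offset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect_failed_logons(hits, threshold=THRESHOLD, window=WINDOW):
    """Flag every source with >= threshold 4625 events inside a sliding window.

    `hits` are Elasticsearch hits ({"_source": {...}}) or bare _source dicts.
    Local/console logons carry IpAddress "-", so those are keyed by host name
    instead of being lumped together under one bogus source.
    """
    by_source = defaultdict(list)
    for hit in hits:
        src = hit.get("_source", hit)
        if str(src.get("event", {}).get("code", "")) != FAILED_LOGON:
            continue  # 4624 successes etc. are not part of this rule
        data = src.get("winlog", {}).get("event_data", {})
        host = src.get("host", {}).get("name", "?")
        ip = data.get("IpAddress") or "-"
        key = ip if ip != "-" else f"local:{host}"
        by_source[key].append((_parse_ts(src["@timestamp"]),
                               data.get("TargetUserName", "?"), host))

    incidents = []
    for source, events in by_source.items():
        events.sort()
        # Find the densest span: advance `start` whenever the span exceeds `window`.
        best, start = (0, 0), 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start > best[1] - best[0]:
                best = (start, end)
        s, e = best
        count = e - s + 1
        if count < threshold:
            continue
        users = sorted({u for _, u, _ in events[s:e + 1]})
        incidents.append({
            "source": source,
            # Mostly distinct accounts from one source reads as spraying;
            # the same few accounts hit over and over reads as brute force.
            "kind": "password_spray" if len(users) * 2 > count else "brute_force",
            "count": count,
            "distinct_users": len(users),
            "users": users,
            "hosts": sorted({h for _, _, h in events[s:e + 1]}),
            "first_seen": events[s][0].isoformat(),
            "last_seen": events[e][0].isoformat(),
        })
    return incidents


def sample_hits():
    """Constructed Winlogbeat-style hits (not real telemetry) for an offline run."""
    base = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

    def hit(offset_s, code, user, ip, host="WS01"):
        ts = (base + timedelta(seconds=offset_s)).isoformat().replace("+00:00", "Z")
        return {"_source": {
            "@timestamp": ts, "host": {"name": host}, "event": {"code": code},
            "winlog": {"event_id": int(code), "event_data": {
                "TargetUserName": user, "IpAddress": ip, "LogonType": "3"}},
        }}

    hits = [hit(10 * i, "4625", "administrator", "203.0.113.7") for i in range(6)]
    hits += [hit(60 + 2 * i, "4625", f"user{i}", "198.51.100.9") for i in range(5)]
    hits.append(hit(70, "4624", "user0", "198.51.100.9"))          # success: ignored
    hits.append(hit(80, "4625", "svc", "-", host="WS02"))           # local, single
    hits.append(hit(900, "4625", "administrator", "203.0.113.7"))  # outside window
    return hits


if __name__ == "__main__":
    for incident in detect_failed_logons(sample_hits()):
        print(incident)
```

Running the block on the constructed hits yields two incidents: 203.0.113.7 with six failures against one account (brute_force; the seventh failure at 15 minutes falls outside the window) and 198.51.100.9 with five failures across five accounts (password_spray). The single local failure on WS02 and the 4624 success produce nothing. In a real pipeline the same `detect_failed_logons` runs over `es.search(index="winlogbeat-*", body=failed_logon_query())["hits"]["hits"]`; keep the window and threshold per environment, since a busy RDP gateway will legitimately exceed five failures per five minutes.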