A modern Security Operations Center (SOC) dashboard built with Next.js, designed for real-time security event monitoring, AWS integration, and Cognito authentication.
🚨 Note: While building a custom SOC dashboard on AWS can be fun and provide a tailored UI/UX experience, it may not be the most practical approach if all security services are already hosted within AWS. This project explores the hybrid approach, where cloud services integrate with on-premise or external security sources.
-
Real-time Security Monitoring
- Live security event updates
- Event filtering and search
- Severity-based categorization
-
AWS Integration (For Cloud Security Events)
- GuardDuty security alerts
- SecurityHub compliance data
- CloudWatch Logs monitoring
-
Hybrid SOC Capabilities (For On-Premise & External Sources)
- API integration with external security feeds
- Custom log ingestion pipeline
- Multi-cloud visibility
-
Authentication & Security
- AWS Cognito authentication
- Protected routes & secure session management
-
Modern UI/UX
- Responsive design
- Dark/light mode support
- Interactive data visualization
- Frontend: Next.js, React, TypeScript
- Styling: Tailwind CSS
- Authentication: AWS Cognito
- Cloud Services: AWS GuardDuty, SecurityHub
- Real-time Updates: WebSockets
-
Clone the repository:
git clone https://github.com/paulinhx/soc-dashboard.git cd soc-dashboard -
Install dependencies:
npm install
-
Set up environment variables: Create a .env.local file in the root directory with the following variables:
NEXT_PUBLIC_AWS_REGION=your-region NEXT_PUBLIC_COGNITO_USER_POOL_ID=your-user-pool-id NEXT_PUBLIC_COGNITO_CLIENT_ID=your-client-id NEXT_PUBLIC_GUARDDUTY_DETECTOR_ID=your-detector-id
-
Run the development server:
npm run dev
Create a Cognito User Pool Enable GuardDuty for security threat detection Configure SecurityHub for compliance insights Update environment variables Hybrid SOC Setup (Optional but Recommended) Configure external SIEM logs (e.g., Splunk, Elastic, Graylog) Set up custom log ingestion (e.g., API gateway, S3, or self-hosted log collector) Enable multi-cloud security monitoring
Start the development server:
```bash
npm run dev
Open http://localhost:3000 in your browser Log in using your Cognito credentials View real-time security events & hybrid logs
This project is open for feedback, but contributions are not open yet.
AWS Documentation for GuardDuty, SecurityHub, Cognito Next.js Documentation for frontend development Tailwind CSS for modern UI styling Hybrid SOC Strategy for improving security beyond cloud environments
While AWS offers built-in security services, a fully cloud-hosted SOC dashboard might be redundant. Instead, this project explores how a hybrid security monitoring system can integrate on-premise logs, multi-cloud data, and AWS security insights into a single unified dashboard.