WUR has built an on-premises SOC infrastructure based on open-source technology, in addition to SURFsoc. The goal was to create a cost-effective, scalable solution, which has become much more relevant in the current geopolitical situation.
It consists of a log platform to distribute and enrich logs, a SIEM, a detection engine based on Sigma, an alert enrichment engine and a Security Incident Response Platform (SIRP). We have collaborated on this with several other universities, such as Leiden, Delft and UvA.
We'll present what we have, what works and what doesn't.