SOC Platform Preset
The SOC Platform preset deploys a full-featured Security Operations Center stack: Elastic, Wazuh, Caldera, TheHive, Grafana, n8n, and Shuffle SOAR — all pre-wired.
This is the flagship preset. It takes 15–20 minutes to deploy and costs approximately $1.50–$2.50/hour on GCP (us-east1). All tools are pre-integrated: Wazuh ships alerts to Elastic, Caldera can target internal VMs, and n8n connects everything via webhook triggers.
Included tools
Elastic Stack (SIEM): Core log ingestion and correlation platform
Wazuh (XDR): Endpoint monitoring, FIM, vulnerability detection
MITRE Caldera (Red Team): Automated ATT&CK emulation for detection testing
TheHive (Case Mgmt): Incident case management and collaboration
Grafana + Prometheus (Monitoring): Infrastructure and tool performance metrics
n8n (Automation): Workflow automation connecting all tools via webhooks
Shuffle SOAR (SOAR): Pre-built security playbooks for alert triage and response
Use cases
Blue Team training: Practice detection and response with real tools in a safe lab
Detection engineering: Write and test Elastic detection rules against simulated Caldera attacks
SOC demos: Show stakeholders a working SOC without weeks of setup
Purple team exercises: Run attacks with Caldera and validate detection with Elastic/Wazuh simultaneously
Want to try this preset? Open the plan form and select the SOC Platform quick start preset.