Zoyel SOC — Security Operations Center

Infrastructure Overview
Wazuh Agents
Code Projects
SAST Vulnerabilities
Security Hotspots
IPs Banned (CrowdSec)
WAF Mode
Security Tools
Web Application Firewall
DETECT MODE
BunkerWeb
OWASP CRS v4.24 | Paranoia Level 2 | Anomaly threshold: 5/4
SIEM & Log Management
ACTIVE
Wazuh
FIM | Rootkit Detection | SCA | Vulnerability Scanner | — agents
Network IDS
ACTIVE
Suricata
Passive capture mode | 50,132 rules | ET Open ruleset | Alerts → Wazuh
IP Reputation
ACTIVE
CrowdSec
Community blocklist (200K+ contributors) | — IPs banned
DNS Filtering
ACTIVE
NextDNS
Strict DoT | Quad9 fallback | Threat intelligence + AI detection
Infrastructure Monitoring
ACTIVE
Prometheus + Grafana
CPU, Memory, Disk, Network | 6 security alert rules
Application Security (CI/CD)
SAST — Static Analysis
ACTIVE
SonarQube
projects scanned | Java, JS, Python, C#, Dart, Kotlin, PHP
DAST — Dynamic Analysis
ACTIVE
OWASP ZAP
Baseline scan against live API endpoints
CI/CD Pipelines
ACTIVE
Jenkins
27 pipelines | Checkout → Build → SAST → DAST | Manual deploy gate
Active Protection Layers

🛡 Perimeter — WAF + CrowdSec + Suricata

Inbound traffic filtering, attack detection, IP reputation

🔎 Detection — Wazuh SIEM + FIM + 13 Alert Rules

File integrity, rootkit detection, vulnerability scanning, Slack alerts

🌐 DNS — NextDNS + Quad9 (Strict DoT)

Malware domain blocking, phishing protection, DNS query logging

💻 Code — SonarQube SAST + OWASP ZAP DAST

Source code vulnerability scanning, live API attack testing

🔐 PKI — Smallstep CA (Internal Certificates)

Internal service TLS, 90-day auto-rotation

💾 Backup — Daily SIEM Backup to S3

Wazuh config, agent keys, Grafana, Prometheus, CrowdSec, Smallstep CA

Quick Access — All Dashboards

BunkerWeb WAF Dashboard

https://waf.zoyel.one/admin

Wazuh SIEM Dashboard

https://siem.zoyel.one

Grafana Monitoring

https://siem.zoyel.one/grafana/

SonarQube (SAST)

https://ci.zoyel.one

Jenkins (CI/CD Pipelines)

https://ci.zoyel.one/jenkins/

DAST Reports (OWASP ZAP)

https://ci.zoyel.one/reports/

NextDNS Dashboard

https://my.nextdns.io/913e8c

CrowdSec Console

https://app.crowdsec.net

Credentials Reference
Service | URL | Username | Password
BunkerWeb WAF | waf.zoyel.one/admin | admin |
Wazuh SIEM | siem.zoyel.one | admin |
Grafana | siem.zoyel.one/grafana | admin |
SonarQube | ci.zoyel.one | admin |
Jenkins | ci.zoyel.one/jenkins | zoyel_developer |
NextDNS | my.nextdns.io/913e8c | Your NextDNS account |
Server Access (SSH)
Server | IP | SSH Command
WAF Instance | 51.159.137.165 | ssh -i zoyel-one-instances.pem root@51.159.137.165
SIEM Instance | 51.159.181.206 | ssh -i zoyel-one-instances.pem root@51.159.181.206
CI/CD Instance | 151.115.144.142 | ssh -i zoyel-one-instances.pem root@151.115.144.142
Protected Sites

api.zoyel.one

Primary API — proxied through WAF to LB 51.159.173.250

waf.zoyel.one

WAF management dashboard

siem.zoyel.one

Wazuh SIEM + Grafana + Smallstep CA

ci.zoyel.one

SonarQube + Jenkins + DAST Reports

soc.zoyel.one

This dashboard — Security Operations Center

Compliance & Documentation

Threat Monitoring Policy (ISMS-SEC-TM-001 v2.0)

ISO 27001:2022 A.8.16 — Monitoring Activities

Web Filtering Policy (ISMS-SEC-WF-001 v2.0)

ISO 27001:2022 A.8.23 — Web Filtering