This lab walked through the full lifecycle of a cloud honeypot: provisioning intentionally exposed infrastructure, building a centralized SIEM pipeline with Log Analytics and Sentinel, visualizing attacker origins on a live geo map, hardening the system through defense-in-depth, and finally wiring an automated playbook to detect and block attackers at the NSG level without any manual step.
Each component — the NSG, Windows Firewall, AMA connector, GeoIP watchlist, analytics rule, Logic App, and automation rule — was configured to serve a specific purpose within the detection and response chain. The end result is a working SOC workflow running entirely in Azure, from raw log ingestion to automated firewall enforcement.
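The detect-and-block chain summarized above can be shown end to end in a few dozen lines. The following is an added example, not code from the lab: constructed failed-logon records stand in for the SecurityEvent rows (EventID 4625) that the AMA connector ships into Log Analytics, a small CIDR-to-location dict stands in for the GeoIP watchlist, and the analytics rule's logic (at least `THRESHOLD` failures from one source IP inside any `WINDOW`) is expressed in Python instead of KQL. The output is the NSG deny-rule specification a Logic App would apply. The property names follow the ARM `securityRules` schema as I know it and the threshold, window and priority values are my assumptions; check them against your own template and analytics rule.

```python
"""Honeypot detection-to-block chain in miniature (added example, not the lab's code).
Assumptions: THRESHOLD/WINDOW mirror the analytics rule, NSG rule fields follow the
ARM securityRules schema, sample events and watchlist entries are constructed."""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 5                   # failed logons from one IP that trigger a block (assumed)
WINDOW = timedelta(minutes=10)  # sliding window the failures must fall inside (assumed)
BASE_PRIORITY = 100             # NSG priorities run 100..4096, lowest number wins

# Constructed sample telemetry, shaped like SecurityEvent rows; not real data.
EVENTS = [
    # 203.0.113.7: six failures in 2.5 minutes, then one success -> brute force
    {"TimeGenerated": "2024-01-01T10:00:00", "EventID": 4625, "IpAddress": "203.0.113.7", "Account": "admin"},
    {"TimeGenerated": "2024-01-01T10:00:30", "EventID": 4625, "IpAddress": "203.0.113.7", "Account": "admin"},
    {"TimeGenerated": "2024-01-01T10:01:00", "EventID": 4625, "IpAddress": "203.0.113.7", "Account": "Administrator"},
    {"TimeGenerated": "2024-01-01T10:01:30", "EventID": 4625, "IpAddress": "203.0.113.7", "Account": "root"},
    {"TimeGenerated": "2024-01-01T10:02:00", "EventID": 4625, "IpAddress": "203.0.113.7", "Account": "guest"},
    {"TimeGenerated": "2024-01-01T10:02:30", "EventID": 4625, "IpAddress": "203.0.113.7", "Account": "test"},
    {"TimeGenerated": "2024-01-01T10:03:00", "EventID": 4624, "IpAddress": "203.0.113.7", "Account": "test"},
    # 198.51.100.22: two failures -> below threshold, a typo'd password, not an attack
    {"TimeGenerated": "2024-01-01T10:05:00", "EventID": 4625, "IpAddress": "198.51.100.22", "Account": "labuser"},
    {"TimeGenerated": "2024-01-01T10:06:00", "EventID": 4625, "IpAddress": "198.51.100.22", "Account": "labuser"},
    # 203.0.113.9: five failures spread over 100 minutes -> never five inside one window
    {"TimeGenerated": "2024-01-01T10:00:00", "EventID": 4625, "IpAddress": "203.0.113.9", "Account": "admin"},
    {"TimeGenerated": "2024-01-01T10:25:00", "EventID": 4625, "IpAddress": "203.0.113.9", "Account": "admin"},
    {"TimeGenerated": "2024-01-01T10:50:00", "EventID": 4625, "IpAddress": "203.0.113.9", "Account": "admin"},
    {"TimeGenerated": "2024-01-01T11:15:00", "EventID": 4625, "IpAddress": "203.0.113.9", "Account": "admin"},
    {"TimeGenerated": "2024-01-01T11:40:00", "EventID": 4625, "IpAddress": "203.0.113.9", "Account": "admin"},
]

# Constructed stand-in for the GeoIP watchlist: network range -> location fields.
WATCHLIST = {
    "203.0.113.0/24": {"country": "Testland", "city": "Exampleville"},
}


def detect_brute_force(events, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: total_failed_logons} for each source IP that produced at least
    `threshold` EventID 4625 records inside some span no longer than `window`."""
    failures = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 4625:  # successful logons (4624) do not count
            failures[ev["IpAddress"]].append(datetime.fromisoformat(ev["TimeGenerated"]))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        # Slide a window of `threshold` consecutive failures; flag on the first fit.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[ip] = len(times)
                break
    return flagged


def geo_lookup(ip, watchlist):
    """Enrich an IP with the first watchlist range that contains it (the geo-map join)."""
    addr = ipaddress.ip_address(ip)
    for cidr, geo in watchlist.items():
        if addr in ipaddress.ip_network(cidr):
            return geo
    return {"country": "unknown", "city": "unknown"}


def build_deny_rule(ip, priority, count, geo):
    """Produce the inbound NSG deny rule the Logic App would add for this source IP."""
    return {
        "name": "DENY-" + ip.replace(".", "-"),
        "properties": {
            "priority": priority,
            "direction": "Inbound",
            "access": "Deny",
            "protocol": "*",
            "sourceAddressPrefix": ip,       # block only the offending /32
            "sourcePortRange": "*",
            "destinationAddressPrefix": "*",
            "destinationPortRange": "*",
            "description": f"Auto-block: {count} failed logons from {geo['city']}, {geo['country']}",
        },
    }


def respond(events, watchlist):
    """Full chain: detect -> enrich -> build one deny rule per offending IP."""
    rules = []
    for n, (ip, count) in enumerate(sorted(detect_brute_force(events).items())):
        rules.append(build_deny_rule(ip, BASE_PRIORITY + n, count, geo_lookup(ip, watchlist)))
    return rules


if __name__ == "__main__":
    print(json.dumps(respond(EVENTS, WATCHLIST), indent=2))
```

Running the script prints a single rule for 203.0.113.7: the two-failure source and the slow, spread-out source never satisfy the window condition, which is the same distinction the analytics rule draws so that the playbook does not block a legitimate user who mistyped a password. Priorities are handed out upward from 100 so each automatically created rule stays ahead of any broader allow rules already on the NSG.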