Open-Source Security Operations
Enterprise-grade Security Operations, built entirely on free, open-source tools. Bridging the gap between those who can afford security — and those who can't.
The Vision
Enterprise companies run full-scale Security Operations Centres with tools costing more than a deposit on a house. Meanwhile, small to medium businesses rely on basic antivirus and hope for the best.
This project exists to close that gap — showing that you can build a functional, realistic SOC environment using only free, open-source tooling. Logs collected. Suspicious activity detected. Alerts enriched with real threat intelligence. Incidents tracked properly, not left to gather dust in a dashboard.
The name reflects a simple truth — this project stands as the bridge between those who can afford enterprise security, and those who can't.
It takes you from "something might be wrong" to "here's what's wrong, why it matters, and exactly what to do next" — without spending a penny on licensing.
The Tools
Instead of one expensive "do everything" platform, this project uses a focused stack where each tool is best-in-class at its specific role.
| Solution | Cost (Approx) | What you get |
|---|---|---|
| MSSP "SIEM" subscription | £120k–£240k / year | Repackaged open-source tooling with a support contract |
| Enterprise Security Stack | £20k–£100k+ / year | Full ecosystem — if you can actually afford it |
| The Bridge Between | £0 licensing + ~£500 hardware | Fully functional SOC stack on a couple of second-hand mini-PCs. One-off cost. |
Use Cases
Each scenario is fully documented with payloads, timelines, and MITRE mappings — automated detection to enriched incident in seconds, not hours.
Teaching
Every decision in this project is documented with the intent of teaching. Whether you're a student, a small business owner, or a career-changer — this is meant for you.
Roadmap
The bridge is still being built. Here's what's coming next.