Data Loss Prevention Lab

security, dlp, homelab, detection, wazuh, suricata, siem

Data Loss Prevention (DLP) Lab

Repository: https://github.com/alexbakertech/DLP-Practice

Overview

This project is a production-modeled Data Loss Prevention environment designed to validate whether sensitive data exfiltration can be detected, correlated, and proven across both network and endpoint layers.

It focuses on evidence-based security controls rather than dashboard-driven alerts.

Architecture

Windows endpoints generate and handle the seeded sensitive data. Their egress traffic is routed through pfSense, where Suricata inspects it inline, before it can reach external systems. Wazuh agents on the endpoints provide endpoint telemetry and file integrity monitoring, and the Wazuh manager provides SIEM correlation.

Controls

  • Network DLP via Suricata
  • Endpoint DLP via Wazuh
  • Segmentation via pfSense VLANs
  • Evidence via logs, PCAPs, and alerts

Validation

Seeded sensitive data is exfiltrated in controlled scenarios, including file transfers over the network and copies to removable media. Network-based scenarios produce correlated Suricata and Wazuh evidence for the same endpoint and time window; removable-media scenarios never cross the pfSense boundary, so their evidence comes from the endpoint layer alone.
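
The correlation step described above, as an added example for this page and not code from the DLP-Practice repository: the script reads Suricata EVE alerts and Wazuh alerts in their native JSON shapes and pairs them by endpoint address and time window. Everything the page does not state is an assumption here: the seeded files carry the marker string DLP-SEED- in their names, the Suricata rule with sid 9000001 alerts when that marker leaves $HOME_NET, Wazuh rule id 100200 is a hypothetical custom rule for a copy to removable media, and the hostnames, addresses and log lines are constructed.

```python
"""Correlate Suricata EVE alerts with Wazuh alerts for one seeded-data exfil test.

Added example for this page, not code from the DLP-Practice repository.
Assumptions (none of these come from the page): seeded file names carry the
marker "DLP-SEED-", a custom Suricata rule (sid 9000001) alerts when that
marker leaves $HOME_NET, Wazuh reports the endpoint address in agent.ip, and
rule id 100200 is a hypothetical custom Wazuh rule for a removable-media copy.
"""
import json
from datetime import datetime, timedelta

MARKER = "DLP-SEED-"  # assumed marker embedded in every seeded file name

# Suricata rule assumed to have produced the network alert below (constructed).
SURICATA_RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET any ('
    'msg:"DLP seeded marker leaving HOME_NET"; flow:established,to_server; '
    'content:"DLP-SEED-"; nocase; classtype:policy-violation; sid:9000001; rev:1;)'
)

# Constructed eve.json lines: one alert from the rule above plus a flow record.
EVE_LINES = [
    json.dumps({"timestamp": "2024-05-01T10:00:05.000000+0000", "event_type": "alert",
                "src_ip": "10.10.20.15", "dest_ip": "203.0.113.10", "dest_port": 443,
                "alert": {"signature_id": 9000001,
                          "signature": "DLP seeded marker leaving HOME_NET"}}),
    json.dumps({"timestamp": "2024-05-01T10:00:06.000000+0000", "event_type": "flow",
                "src_ip": "10.10.20.15", "dest_ip": "203.0.113.10"}),
]

# Constructed Wazuh alerts.json lines, trimmed to the fields used here.
WAZUH_LINES = [
    json.dumps({"timestamp": "2024-05-01T10:00:02.000+0000",
                "agent": {"name": "WIN10-01", "ip": "10.10.20.15"},
                "rule": {"id": "550", "description": "Integrity checksum changed."},
                "syscheck": {"path": "C:\\Users\\alice\\Desktop\\DLP-SEED-customers.csv"}}),
    json.dumps({"timestamp": "2024-05-01T11:30:00.000+0000",
                "agent": {"name": "WIN10-02", "ip": "10.10.20.16"},
                "rule": {"id": "100200", "description": "Seeded file copied to removable media"},
                "syscheck": {"path": "E:\\DLP-SEED-customers.csv"}}),
]


def parse_ts(value):
    """Both tools stamp events with a numeric UTC offset; %f accepts 3 or 6 digits."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def load_eve_alerts(lines):
    """Keep only Suricata alert records; flow, dns and other event types are noise here."""
    events = (json.loads(line) for line in lines)
    return [e for e in events if e.get("event_type") == "alert"]


def load_wazuh_alerts(lines):
    return [json.loads(line) for line in lines]


def correlate(net_alerts, ep_alerts, window=timedelta(seconds=60), marker=MARKER):
    """Pair each Wazuh alert on a seeded file with Suricata alerts from the same
    endpoint inside +/- window. A scenario that never crosses the pfSense boundary
    (removable media) legitimately has no network match and is reported as such."""
    records = []
    for ep in ep_alerts:
        path = ep.get("syscheck", {}).get("path", "")
        if marker not in path:
            continue  # ordinary FIM churn, not one of the seeded files
        ep_time = parse_ts(ep["timestamp"])
        ip = ep["agent"]["ip"]
        sids = sorted({
            a["alert"]["signature_id"] for a in net_alerts
            if a.get("src_ip") == ip and abs(parse_ts(a["timestamp"]) - ep_time) <= window
        })
        records.append({
            "host": ep["agent"]["name"],
            "ip": ip,
            "path": path,
            "endpoint_rule": ep["rule"]["id"],
            "network_sids": sids,
            "verdict": "network+endpoint" if sids else "endpoint-only",
        })
    return records


def build_evidence():
    return correlate(load_eve_alerts(EVE_LINES), load_wazuh_alerts(WAZUH_LINES))


if __name__ == "__main__":
    print(json.dumps(build_evidence(), indent=2))
```

In the lab itself the two inputs would be read from Suricata's eve.json and the Wazuh manager's alerts.json rather than from the constructed lists; the point of the verdict field is that a removable-media test showing "endpoint-only" is the expected result, while a network transfer showing "endpoint-only" means the inline inspection or the rule missed it.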

Evidence

All configs, captures, reports, and documentation are available in the repository: https://github.com/alexbakertech/DLP-Practice