AVSS-4/SIEM-Log-Monitoring-Simulation
SIEM Log Monitoring & Incident Investigation Simulation

Overview

This project demonstrates a simulated Security Information and Event Management (SIEM) investigation performed in a controlled laboratory environment. The objective was to analyze security logs, correlate events, identify suspicious activity, and document findings through a structured incident investigation process.

The investigation focused on detecting indicators of compromise, analyzing authentication events, and assessing potential security risks associated with unauthorized access attempts.

This project simulates a SOC analyst investigation workflow, including event correlation, timeline construction, threat identification, and incident reporting based on realistic security event data.


Project Scenario

A series of suspicious authentication events was identified, involving repeated failed login attempts against an administrative account. Following these attempts, a successful login was recorded from the same source IP address. Additional activities, including privilege escalation, administrative account creation, and access to sensitive files, were observed and investigated.


Objectives

  • Analyze security event logs for suspicious activity.
  • Perform event correlation to establish relationships between events.
  • Construct an incident timeline.
  • Identify potential indicators of compromise (IOCs).
  • Assess the security impact of observed activities.
  • Develop recommendations to improve security posture.

Tools & Technologies

  • Security Event Logs
  • SIEM Concepts & Event Correlation
  • Incident Investigation Methodology
  • Microsoft Word
  • GitHub

Investigation Workflow

Log Collection
      ↓
Authentication Analysis
      ↓
Event Correlation
      ↓
Timeline Construction
      ↓
Incident Investigation
      ↓
Findings & Recommendations

Key Findings

  • Brute-force authentication activity detected.
  • Successful login observed following repeated authentication failures.
  • Privilege escalation activity identified.
  • Unauthorized administrative account creation detected.
  • Potential data exfiltration indicators observed.
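The correlation behind the scenario and findings above (repeated failures, then a success from the same source, then account creation and group membership changes from that source) is shown here as an added example; it is not code from the repository. The log format, the sample events and the five-failure threshold are constructed assumptions; the event IDs follow Windows Security log conventions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the repository), one per line as
# "timestamp event_id user src_ip". Event IDs: 4625 failed logon, 4624
# successful logon, 4720 user account created, 4728 member added to a
# privileged group. For 4720/4728 the user field is the target account.
SAMPLE_LOG = """\
2024-01-15T10:00:01 4625 administrator 203.0.113.45
2024-01-15T10:00:03 4625 administrator 203.0.113.45
2024-01-15T10:00:05 4625 administrator 203.0.113.45
2024-01-15T10:00:07 4625 administrator 203.0.113.45
2024-01-15T10:00:09 4625 administrator 203.0.113.45
2024-01-15T10:00:12 4624 administrator 203.0.113.45
2024-01-15T10:02:30 4720 svc_backup 203.0.113.45
2024-01-15T10:02:31 4728 svc_backup 203.0.113.45
2024-01-15T10:05:00 4624 jsmith 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (\d{4}) (\S+) (\S+)$")


def parse(log_text):
    """Parse the constructed format into (timestamp, event_id, user, src_ip)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, eid, user, ip = m.groups()
            events.append((datetime.fromisoformat(ts), int(eid), user, ip))
    return events


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts: brute force followed by success, then persistence from that source."""
    alerts = []
    failures = defaultdict(list)  # (user, src_ip) -> failure timestamps inside window
    compromised_sources = {}      # src_ip -> time of the suspicious successful logon
    for ts, eid, user, ip in events:
        key = (user, ip)
        if eid == 4625:
            # keep only failures that fall inside the sliding window
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
        elif eid == 4624 and len(failures[key]) >= threshold:
            alerts.append(("brute_force_success", user, ip, len(failures[key])))
            compromised_sources[ip] = ts
            failures[key] = []
        elif eid in (4720, 4728) and ip in compromised_sources:
            kind = "account_created" if eid == 4720 else "privilege_granted"
            alerts.append((kind, user, ip, 0))
    return alerts
```

The timeline in the report corresponds to the order of the returned alerts; a logon with no preceding failure burst (the jsmith event) produces nothing.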

Skills Demonstrated

  • Security Event Monitoring
  • Log Analysis
  • Event Correlation
  • Incident Investigation
  • Threat Detection
  • Brute-Force Attack Analysis
  • Privilege Escalation Analysis
  • Security Reporting
  • Incident Documentation

Investigation Evidence

  • Authentication Activity
  • Privilege Escalation Activity
  • Persistence Activity
  • Potential Data Exfiltration


Report

The complete investigation report is available below:

Incident Investigation Report


Disclaimer

This project was conducted in a simulated laboratory environment for educational, research, and defensive cybersecurity purposes only. All logs, events, and investigation activities were generated as part of a controlled security monitoring exercise.

About

SOC analyst investigation simulation involving event correlation, threat detection, incident analysis, and security reporting.
