Security Operations Project | Log Analysis | Anomaly Detection
This project simulates a structured security log analysis workflow using SQL to detect anomalous authentication activity. The goal was to apply query-based filtering techniques to investigate suspicious login patterns and simulate a basic incident investigation process similar to Security Operations Center (SOC) workflows.
- Detected after-hours failed login attempts using conditional filtering.
- Applied AND, OR, NOT, and LIKE operators to isolate suspicious access patterns.
- Filtered login attempts based on specific dates to support incident timeline analysis.
- Applied geographic-based filtering to assess potential anomaly signals.
- Simulated basic incident triage logic using structured query analysis.
- Security Log Analysis
- Anomaly Detection
- Incident Investigation Workflow
- Authentication Log Monitoring
- Query-Based Threat Detection
- SQL
- Relational Database Queries
- Authentication Log Dataset
Authentication logs contain valuable indicators of suspicious behavior. Structured query analysis enables investigators to identify abnormal access patterns, correlate events across timelines, and support early-stage incident detection in security monitoring environments.
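The following is an added, self-contained example (not code from this project or its docs/ directory) that runs the kinds of filters listed above against a constructed authentication log held in an in-memory SQLite database. The table name `log_in_attempts`, its columns, the 18:00 after-hours cutoff, the incident dates and the country codes are all assumptions chosen for the illustration; the rows are constructed sample data, not real log entries. Each query is parameterised rather than built by string concatenation, which is the habit an analyst should keep when query inputs come from tickets or other untrusted text.

```python
import sqlite3

# Constructed sample authentication log (not real data). Columns mirror what a
# SOC analyst typically filters on: date, time, source country and outcome.
SAMPLE_LOG = [
    # event_id, username, login_date, login_time, country, success (1 = ok, 0 = failed)
    (1, "asmith", "2022-05-08", "08:15:00", "USA", 1),
    (2, "bjones", "2022-05-08", "18:45:12", "MEX", 0),
    (3, "asmith", "2022-05-09", "19:02:33", "CAN", 0),
    (4, "cdoe",   "2022-05-09", "23:10:05", "USA", 0),
    (5, "bjones", "2022-05-10", "09:30:00", "MEXICO", 1),
    (6, "edawn",  "2022-05-10", "20:05:41", "USA", 1),
    (7, "cdoe",   "2022-05-10", "18:01:00", "MEX", 0),
]


def build_db():
    """Create the assumed log_in_attempts table in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE log_in_attempts (
               event_id   INTEGER PRIMARY KEY,
               username   TEXT    NOT NULL,
               login_date TEXT    NOT NULL,   -- ISO date, sorts lexically
               login_time TEXT    NOT NULL,   -- HH:MM:SS, sorts lexically
               country    TEXT    NOT NULL,
               success    INTEGER NOT NULL)"""
    )
    conn.executemany("INSERT INTO log_in_attempts VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_LOG)
    return conn


def after_hours_failures(conn, cutoff="18:00:00"):
    """Failed attempts after the business-day cutoff (AND on two conditions)."""
    rows = conn.execute(
        "SELECT event_id FROM log_in_attempts "
        "WHERE login_time > ? AND success = 0 ORDER BY event_id",
        (cutoff,),
    ).fetchall()
    return [r[0] for r in rows]


def attempts_on_dates(conn, day_one, day_two):
    """All attempts on two incident dates (OR), to build a timeline."""
    rows = conn.execute(
        "SELECT event_id FROM log_in_attempts "
        "WHERE login_date = ? OR login_date = ? ORDER BY event_id",
        (day_one, day_two),
    ).fetchall()
    return [r[0] for r in rows]


def attempts_outside_country(conn, country_prefix):
    """Attempts whose source country does NOT match a prefix (NOT + LIKE).

    LIKE with a trailing % catches inconsistent labelling such as 'MEX' and
    'MEXICO' in the same column, a common data-quality issue in real logs.
    """
    rows = conn.execute(
        "SELECT event_id FROM log_in_attempts "
        "WHERE NOT country LIKE ? ORDER BY event_id",
        (country_prefix + "%",),
    ).fetchall()
    return [r[0] for r in rows]


def triage_candidates(conn, cutoff="18:00:00", day_one="2022-05-08",
                      day_two="2022-05-09", expected_country="MEX"):
    """Combine all filters into one triage query: failed, after hours, on the
    incident dates, and not from the expected country. Returns (id, user, country)."""
    return conn.execute(
        "SELECT event_id, username, country FROM log_in_attempts "
        "WHERE success = 0 AND login_time > ? "
        "  AND (login_date = ? OR login_date = ?) "
        "  AND NOT country LIKE ? ORDER BY event_id",
        (cutoff, day_one, day_two, expected_country + "%"),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("after-hours failures:", after_hours_failures(db))
    print("attempts on incident dates:", attempts_on_dates(db, "2022-05-08", "2022-05-09"))
    print("attempts outside MEX*:", attempts_outside_country(db, "MEX"))
    print("triage candidates:", triage_candidates(db))
```

Note the parentheses around the `OR` clause in `triage_candidates`: without them, SQL's precedence (`AND` binds tighter than `OR`) would silently widen the result set to every attempt on the second date, which is an easy way for an investigation query to return the wrong population.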
Detailed investigation scenarios and query explanations are available in the docs/ directory.
JM Mahalakshmi Cybersecurity Enthusiast | Security Operations | Log Analysis
