This project simulates a beginner-level SOC (Security Operations Center) analyst workflow. It includes system log collection, simulated attacks, detection using basic tools, and a mini incident response report.
- Collect logs from a Linux/Windows test machine.
- Simulate attacks (failed SSH logins, nmap scan, brute-force).
- Analyze logs using Wireshark and Splunk.
- Write an incident report on the findings.
- Kali Linux
- Wireshark
- Splunk (Free Tier)
- Nmap
- SSH server
- VirtualBox/VMware
- Setup & Logging
  - Configured SSH on Linux.
  - Enabled logging.
  - Installed and configured Splunk to receive logs.
- Attack Simulation
  - Performed failed SSH login attempts.
  - Conducted a port scan using nmap.
  - Tried a basic brute-force with hydra.
- Analysis
  - Captured packets with Wireshark.
  - Detected malicious behavior in logs.
  - Created dashboards in Splunk (screenshots included).
- Response
  - Documented how to block IPs, notify users, and clean systems.
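The "Detected malicious behavior in logs" step is the core of the analyst workflow, so here is a worked detection as an added example (not code from this project): it parses sshd lines in the Debian/Ubuntu `/var/log/auth.log` format, counts failed password attempts per source IP inside a sliding time window, and escalates the finding if the same IP later gets an `Accepted password` line (the signature of a brute-force that succeeded). The log lines are constructed for the example, not taken from `outputs/logs/`; the threshold, window, and the year passed to the parser (syslog timestamps carry no year) are assumptions to tune for your lab.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Debian/Ubuntu /var/log/auth.log format.
# They are NOT the project's own logs; 192.0.2.45 is the simulated attacker.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 soc-lab sshd[2101]: Failed password for invalid user admin from 192.0.2.45 port 51022 ssh2
Mar  3 10:15:02 soc-lab sshd[2103]: Failed password for root from 192.0.2.45 port 51024 ssh2
Mar  3 10:15:03 soc-lab sshd[2105]: Failed password for root from 192.0.2.45 port 51026 ssh2
Mar  3 10:15:04 soc-lab sshd[2107]: Failed password for invalid user test from 192.0.2.45 port 51028 ssh2
Mar  3 10:15:05 soc-lab sshd[2109]: Failed password for root from 192.0.2.45 port 51030 ssh2
Mar  3 10:15:06 soc-lab sshd[2111]: Failed password for root from 192.0.2.45 port 51032 ssh2
Mar  3 10:15:09 soc-lab sshd[2113]: Accepted password for root from 192.0.2.45 port 51034 ssh2
Mar  3 10:20:11 soc-lab sshd[2150]: Failed password for alice from 10.0.0.8 port 40012 ssh2
Mar  3 10:20:40 soc-lab sshd[2152]: Accepted password for alice from 10.0.0.8 port 40014 ssh2
Mar  3 10:21:00 soc-lab CRON[2160]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both "Failed password for invalid user X from IP" and "Accepted password for X from IP".
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text, year=2024):
    """Return sshd password-auth events as dicts with ts, result, user, ip.

    syslog lines carry no year, so the caller supplies it (assumed 2024 here).
    Lines from other daemons (cron, sudo, ...) are skipped.
    """
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue
        # Collapse the double space syslog uses for single-digit days.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def detect_ssh_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failures inside any `window`.

    Severity is 'high' for the failure burst alone and 'critical' if the same
    IP gets an Accepted login at or after the moment it crossed the threshold.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["result"] == "Failed"]
        flagged_at = None
        for i, f in enumerate(failures):
            # Count failures in the window that ends at this failure.
            start = f["ts"] - window
            if sum(1 for g in failures[: i + 1] if g["ts"] >= start) >= threshold:
                flagged_at = f["ts"]
                break
        if flagged_at is None:
            continue
        success_after = any(
            e["result"] == "Accepted" and e["ts"] >= flagged_at for e in evs
        )
        findings[ip] = {
            "failures": len(failures),
            "users": sorted({e["user"] for e in failures}),
            "first": failures[0]["ts"],
            "last": failures[-1]["ts"],
            "severity": "critical" if success_after else "high",
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_ssh_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(f"{f['severity'].upper()}: {ip} {f['failures']} failed logins "
              f"({', '.join(f['users'])}) between {f['first']} and {f['last']}")
```

The sliding window matters: a host that sees a handful of typos spread over a day (like `10.0.0.8` above) stays quiet, while a burst from one IP trips the rule; the `critical` escalation is what should drive the "block IPs, notify users" response step rather than the raw failure count.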
- Screenshot folder: outputs/screenshots/
- Log files: outputs/logs/
- Report PDF: incident_report.pdf
Figure 1: Screenshot showing multiple failed SSH login attempts as captured in logs.
- Automate with bash or Python in future versions.
- Integrate more tools (Wazuh, Suricata, ELK).
