This repository features a collection of hands-on projects focused on analyzing different types of logs using Splunk SIEM. Each project includes clear, step-by-step guidance on uploading sample log files, conducting targeted analysis, and extracting meaningful insights from various log sources.
Overview
These projects are designed for:
- SOC Analyst training
- Cybersecurity students and beginners
- Anyone learning Splunk SIEM fundamentals
- Hands-on practice with log analysis and detection techniques
Each project includes:
- Sample log files
- Data onboarding steps
- SPL (Search Processing Language) queries
- Analysis walkthroughs
- Security insights and detection examples
Project List
- Analyzing DNS Logs Using Splunk SIEM: This project provides a step-by-step guide for analyzing DNS (Domain Name System) log files using Splunk SIEM. It covers uploading sample log files, extracting relevant fields, analyzing DNS query patterns, detecting anomalies, and monitoring DNS traffic.
- Analyzing FTP Logs Using Splunk SIEM: This project guides you through analyzing FTP (File Transfer Protocol) log files using Splunk SIEM. It includes steps for uploading sample log files, extracting fields, analyzing FTP activity patterns, detecting anomalies, and monitoring FTP traffic.
- Analyzing HTTP Logs Using Splunk SIEM: This project outlines the process of analyzing HTTP (Hypertext Transfer Protocol) log files using Splunk SIEM. It covers uploading sample log files, extracting relevant fields, analyzing HTTP request patterns, detecting anomalies, and monitoring HTTP traffic.
- Analyzing SSH Logs Using Splunk SIEM: This project provides a comprehensive guide for analyzing SSH (Secure Shell) log files using Splunk SIEM. It includes steps for uploading sample log files, extracting fields, analyzing SSH activity patterns, detecting anomalies, and correlating SSH logs with other data sources.
- Analyzing Tunnel Logs Using Splunk SIEM: This project demonstrates how to analyze tunnel log traffic (e.g., GRE, IPv4, IPv6) from Zeek IDS using Splunk SIEM. It covers uploading sample log files, performing analysis, detecting anomalies, and correlating tunnel logs with other logs for enhanced threat detection.
- Analyzing SMTP Logs Using Splunk SIEM: This project provides a structured approach for analyzing SMTP (Simple Mail Transfer Protocol) log files using Splunk SIEM. It includes steps for uploading sample log files, extracting fields, analyzing email traffic patterns, detecting anomalies, and monitoring SMTP activity.
- Analyzing DHCP Logs Using Splunk SIEM: This project offers guidance on analyzing DHCP (Dynamic Host Configuration Protocol) log files using Splunk SIEM. It covers uploading sample log files, extracting fields, analyzing IP address assignments, detecting anomalies, and monitoring DHCP traffic.
Contributing
Contributions, improvements, and additional log samples are welcome! Feel free to open an issue or submit a pull request.
Contact
Hassen Hannachi
GitHub: @HannachiHassen
LinkedIn: available upon request