In [1]:
import random
import datetime

# Simulated alert sources — the kinds of systems a SOC normally ingests
# events from.  Purely synthetic; nothing here is read from a real device.
alert_sources = [
    'Firewall',
    'IDS',
    'Antivirus',
    'SIEM',
    'Web Proxy',
]

# Simulated alert messages.  These are classified by keyword in
# get_severity(), so the wording is load-bearing: a message that contains
# none of the keywords it looks for is rated 'Low'.
alert_messages = [
    'Port scan detected',
    'Suspicious login attempt',
    'Malware signature match',
    'Unauthorized access to sensitive file',
    'Outbound connection to blacklisted IP',
    'Multiple failed login attempts',
    'Unusual data transfer volume',
]

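# Severity assignment
# Keyword tiers, checked from most to least severe.  The original chain tested
# the 'Medium' keywords first, so a message matching both tiers (e.g. "Malware
# dropped after login") was downgraded to Medium; it also matched 'Malware'
# case-sensitively.  Both are fixed by this table plus lower-casing below.
_SEVERITY_KEYWORDS = (
    ('High', ('malware', 'blacklisted')),
    ('Medium', ('login', 'data')),
)


def get_severity(msg: str) -> str:
    """Map an alert message to 'High', 'Medium' or 'Low' by keyword.

    Matching is case-insensitive substring matching against the tiers in
    ``_SEVERITY_KEYWORDS``; the highest matching tier wins.  A message that
    contains none of the keywords falls through to 'Low'.  NOTE(review): with
    the current keyword table that includes 'Unauthorized access to sensitive
    file' and 'Port scan detected' — adjust the table if that policy is wrong.

    Args:
        msg: Free-text alert message.

    Returns:
        One of 'High', 'Medium' or 'Low'.
    """
    text = msg.lower()
    for severity, keywords in _SEVERITY_KEYWORDS:
        if any(keyword in text for keyword in keywords):
            return severity
    return 'Low'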


In [2]:
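def generate_alerts(n=10, rng=None):
    """Produce ``n`` synthetic alert records for the simulation.

    Each record is a dict with the keys 'timestamp', 'source', 'message' and
    'severity'.  Source and message are drawn uniformly at random from the
    module-level ``alert_sources`` / ``alert_messages`` lists; severity is
    derived from the message by ``get_severity``.

    Args:
        n: Number of alerts to generate.  Zero or negative yields ``[]``.
        rng: Optional ``random.Random`` instance.  Pass a seeded one
            (``random.Random(42)``) to make a run reproducible; by default the
            module-level ``random`` functions are used, as before.

    Returns:
        A list of ``n`` alert dicts in generation order.
    """
    chooser = rng if rng is not None else random
    alerts = []
    for _ in range(n):
        source = chooser.choice(alert_sources)
        message = chooser.choice(alert_messages)
        # Stamp in UTC so the exported log is unambiguous when it is later
        # correlated with other sources; the format ('YYYY-MM-DD HH:MM:SS')
        # is unchanged from the original.  All records from one call will
        # normally share the same second — this is a simulation, not a clock.
        timestamp = datetime.datetime.now(datetime.timezone.utc).strftime('%Y-%m-%d %H:%M:%S')
        alerts.append({
            'timestamp': timestamp,
            'source': source,
            'message': message,
            'severity': get_severity(message),
        })
    return alerts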

# Generate a batch of alerts and echo each record.  `alerts` is kept as a
# notebook-global because the review and export cells below reuse it.
alerts = generate_alerts()
for record in alerts:
    print(record)


{'timestamp': '2025-07-03 17:20:16', 'source': 'IDS', 'message': 'Suspicious login attempt', 'severity': 'Medium'}
{'timestamp': '2025-07-03 17:20:16', 'source': 'Firewall', 'message': 'Port scan detected', 'severity': 'Low'}
{'timestamp': '2025-07-03 17:20:16', 'source': 'Antivirus', 'message': 'Outbound connection to blacklisted IP', 'severity': 'High'}
{'timestamp': '2025-07-03 17:20:16', 'source': 'Firewall', 'message': 'Suspicious login attempt', 'severity': 'Medium'}
{'timestamp': '2025-07-03 17:20:16', 'source': 'Antivirus', 'message': 'Malware signature match', 'severity': 'High'}
{'timestamp': '2025-07-03 17:20:16', 'source': 'Firewall', 'message': 'Suspicious login attempt', 'severity': 'Medium'}
{'timestamp': '2025-07-03 17:20:16', 'source': 'Antivirus', 'message': 'Unusual data transfer volume', 'severity': 'Medium'}
{'timestamp': '2025-07-03 17:20:16', 'source': 'IDS', 'message': 'Multiple failed login attempts', 'severity': 'Medium'}
{'timestamp': '2025-07-03 17:20:16', '

In [3]:
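# Console response per severity tier.  Kept as a table so the routing policy
# is visible in one place; a tier not listed here is reported explicitly
# below instead of being silently dropped.
_SEVERITY_ACTIONS = {
    'Low': "📄 Action: Logged for future analysis.\n",
    'Medium': "🔍 Action: Investigating the incident.\n",
    'High': "🚨 Action: Escalated to Tier 2 SOC Analyst!\n",
}


def handle_alert(alert):
    """Print a simulated analyst response for one alert record.

    Args:
        alert: Dict with 'source', 'timestamp', 'message' and 'severity'
            keys, as produced by ``generate_alerts``.

    Raises:
        KeyError: if any of those keys is missing.

    Side effects:
        Writes to stdout only.  The fields are echoed verbatim; if this is
        ever fed real device output rather than the simulated lists, strip
        newlines and control characters from ``message`` first so a crafted
        event cannot forge extra lines or terminal escapes in the console log.
    """
    severity = alert['severity']
    print(f"\n🔔 New Alert from {alert['source']} at {alert['timestamp']}")
    print(f"Message: {alert['message']}")
    print(f"Severity: {severity}")

    action = _SEVERITY_ACTIONS.get(severity)
    if action is None:
        # The original if/elif chain printed nothing for an unknown tier, so a
        # mis-labelled alert disappeared from the console; surface it instead.
        action = f"⚠️ Action: Unrecognised severity {severity!r} — manual triage required.\n"
    print(action)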

# Walk the generated batch in order and let the simulated analyst act on each.
for record in alerts:
    handle_alert(record)



🔔 New Alert from IDS at 2025-07-03 17:20:16
Message: Suspicious login attempt
Severity: Medium
🔍 Action: Investigating the incident.


🔔 New Alert from Firewall at 2025-07-03 17:20:16
Message: Port scan detected
Severity: Low
📄 Action: Logged for future analysis.


🔔 New Alert from Antivirus at 2025-07-03 17:20:16
Message: Outbound connection to blacklisted IP
Severity: High
🚨 Action: Escalated to Tier 2 SOC Analyst!


🔔 New Alert from Firewall at 2025-07-03 17:20:16
Message: Suspicious login attempt
Severity: Medium
🔍 Action: Investigating the incident.


🔔 New Alert from Antivirus at 2025-07-03 17:20:16
Message: Malware signature match
Severity: High
🚨 Action: Escalated to Tier 2 SOC Analyst!


🔔 New Alert from Firewall at 2025-07-03 17:20:16
Message: Suspicious login attempt
Severity: Medium
🔍 Action: Investigating the incident.


🔔 New Alert from Antivirus at 2025-07-03 17:20:16
Message: Unusual data transfer volume
Severity: Medium
🔍 Action: Investigating the incident.


🔔 New Al

In [4]:
import pandas as pd

# Convert the alert records to a DataFrame (one column per dict key).
df = pd.DataFrame(alerts)

# Persist the run.  NOTE(review): the file is written relative to the
# notebook's working directory and silently overwritten on every run.  Text
# columns are exported as-is; if this ever carries real (attacker-influenced)
# alert text, neutralise cells beginning with '=', '+', '-' or '@' before the
# CSV is opened in a spreadsheet (formula / CSV injection).
csv_path = 'soc_alert_log.csv'
df.to_csv(csv_path, index=False)
print(f"✅ Alert log exported as '{csv_path}'")


✅ Alert log exported as 'soc_alert_log.csv'
