Skip to content

dhillon65/security-log-correlation-engine

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Security Log Correlation Engine

A Python-based Security Log Correlation Engine that simulates core SIEM functionality by collecting logs from multiple sources, correlating events, detecting attack patterns, and generating an attack timeline.


Features

  • Multiple Log Sources
  • Event Correlation
  • Brute Force Detection
  • Privilege Escalation Detection
  • Attack Timeline Generation
  • JSON Reporting
  • Unit Testing

Project Structure

security-log-correlation-engine/
│
├── logs/
│   ├── firewall_logs.json
│   ├── auth_logs.json
│   └── system_logs.json
│
├── rules/
│   └── correlation_rules.json
│
├── reports/
│   └── attack_timeline.json
│
├── engine/
│   ├── __init__.py
│   ├── parser.py
│   ├── correlator.py
│   ├── detector.py
│   └── timeline.py
│
├── tests/
│   └── test_engine.py
│
├── main.py
├── requirements.txt
├── README.md
└── .gitignore

Installation

Clone the repository:

git clone https://github.com/dhillon65/security-log-correlation-engine
cd security-log-correlation-engine

Create virtual environment:

python -m venv venv

Activate environment:

Windows

venv\Scripts\activate

Linux

source venv/bin/activate

Install dependencies:

pip install -r requirements.txt

Running the Project

python main.py

Expected Output:

==================================================
SECURITY LOG CORRELATION ENGINE
==================================================

[+] Total Events Loaded: 10
[+] Attacks Detected: 2
[+] Timeline saved to reports/attack_timeline.json

Running Tests

Using unittest:

python -m unittest tests/test_engine.py

Or:

pytest

Detection Rules

Brute Force Attack

  • Five failed logins
  • Followed by successful login

Privilege Escalation

  • Successful login
  • Followed by privilege escalation event

Port Scan

  • Multiple connection attempts

Skills Demonstrated

  • SIEM Concepts
  • Detection Engineering
  • Event Correlation
  • Security Monitoring
  • Threat Detection
  • Python Programming
  • Log Analysis
  • Incident Response

Future Enhancements

  • MITRE ATT&CK Mapping
  • Sigma Rule Support
  • Risk Scoring
  • Real-Time Monitoring
  • Dashboard Visualization
  • Splunk Integration
  • Wazuh Integration
  • Elasticsearch Support

License

MIT License

About

A Python-based Security Log Correlation Engine that simulates core SIEM functionality by collecting logs from multiple sources, correlating events, detecting attack patterns, and generating an attack timeline.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages