Skip to content

raphsec/firewall-log-analysis-lab

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Status Tools Platform Type Threats

Firewall Log Analysis & Threat Detection Lab

Project Overview

Blue Team SOC lab analysing pfSense firewall logs using Splunk Enterprise to detect real attack patterns.

Threats Detected

  • Port Scan — 192.168.1.105
  • SSH Brute Force — 185.220.101.45
  • Metasploit C2 Traffic — Port 4444

Tools Used

  • Splunk Enterprise 10.4.0
  • pfSense Firewall Logs
  • SPL Queries
  • Ubuntu Linux on VirtualBox

Skills Demonstrated

  • Firewall log ingestion into SIEM
  • SPL query writing for threat detection
  • Alert triage and incident documentation
  • SOC Tier 1 analyst workflow

Screenshots

Splunk Dashboard

Splunk Dashboard

Firewall Logs Ingested

Firewall Logs

Port Scan Detected

Port Scan

Brute Force Attack Detected

Brute Force

Metasploit C2 Traffic Detected

Metasploit

Incident Report

Incident Report

Analyst

Raphael Akro | raphsec.github.io

About

blue Team SOC lab detecting port scans, brute force and C2 traffic using Splunk and pfSense firewall logs

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors