tylerbcrawford/vsi-splunk-siem

VSI Splunk SIEM

Custom SIEM built in Splunk for a fictional company, Virtual Space Industries (VSI). Built by a team of three acting as SOC analysts for the UofT cybersecurity certificate program (2024).

The Setup

We ingested logs from a Windows Server and an Apache web server into Splunk, built dashboards and alerts, then had simulated attacks thrown at us to see if our detection rules would catch them.

What We Built

  • Baseline reports — established normal traffic patterns first (peak hours, typical HTTP methods, geographic distribution) so we'd actually know when something looked wrong
  • Custom alerts — brute-force login detection on the Windows server (threshold: 5 failed logins in 10 minutes), SQL injection pattern matching on Apache, and a volumetric DoS alert based on request rate anomalies
  • Attack dashboards — real-time panels showing failed auth attempts by source IP, HTTP response code distribution, and geographic heat maps of suspicious traffic

What We Caught

The simulated attacks hit both servers. Our Splunk alerts fired on the brute-force attempts and the SQLi payloads. The DoS detection worked but needed threshold tuning — the initial alert was too sensitive and would have generated noise in production. We documented the false positive analysis and adjusted the thresholds in our recommendations.
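The three detections listed under "What We Built" and the threshold tuning described above, re-implemented as an added example in plain Python over constructed sample logs. This is not the project's own code or its Splunk saved searches; the SPL sketches in the comments are assumptions about how the same logic would be expressed in Splunk, and the log lines, IPs and baseline counts are made up for illustration. The point is to show the logic a practitioner would want to check: a sliding 10-minute window rather than fixed time bins for the brute-force rule, URL-decoding before SQLi pattern matching, and a DoS threshold derived from the baseline report instead of a hard-coded number.

```python
"""Added example (not from the VSI project): brute-force, SQLi and volumetric
DoS detections over constructed sample logs. All data below is synthetic."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# --- Constructed Windows Security events: (timestamp, EventCode, account, source IP).
# 4625 = "An account failed to log on", 4624 = successful logon.
WIN_EVENTS = [
    ("2024-03-01 09:00:05", 4625, "jsmith", "203.0.113.7"),
    ("2024-03-01 09:00:09", 4625, "jsmith", "203.0.113.7"),
    ("2024-03-01 09:00:14", 4625, "admin",  "203.0.113.7"),
    ("2024-03-01 09:00:20", 4625, "admin",  "203.0.113.7"),
    ("2024-03-01 09:00:27", 4625, "root",   "203.0.113.7"),
    ("2024-03-01 09:00:33", 4624, "admin",  "203.0.113.7"),   # attacker eventually got in
    ("2024-03-01 09:05:00", 4625, "bwong",  "198.51.100.4"),  # legitimate user, typos
    ("2024-03-01 09:30:00", 4625, "bwong",  "198.51.100.4"),
    ("2024-03-01 10:15:00", 4625, "bwong",  "198.51.100.4"),
    ("2024-03-01 10:20:00", 4625, "bwong",  "198.51.100.4"),
    ("2024-03-01 10:21:00", 4625, "bwong",  "198.51.100.4"),  # 5 failures, but over 76 min
]

def brute_force_sources(events, threshold=5, window=timedelta(minutes=10)):
    """Return {src_ip: window_start} for sources with >= threshold failed logons
    inside any span of length `window`. Assumed SPL equivalent (fixed bins):
      index=wineventlog EventCode=4625 | bin _time span=10m
      | stats count by _time src_ip | where count>=5
    A sliding window is used here so a burst straddling a bin edge still fires."""
    failures = defaultdict(list)
    for ts, code, _acct, src in events:
        if code == 4625:
            failures[src].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    hits = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop events older than the window
                start += 1
            if end - start + 1 >= threshold:
                hits[src] = times[start]
                break
    return hits

# --- Constructed Apache access log lines (common log format).
APACHE_LINES = [
    '10.0.0.5 - - [01/Mar/2024:09:01:00 -0500] "GET /products?id=42 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2024:09:02:10 -0500] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9800',
    '203.0.113.7 - - [01/Mar/2024:09:02:11 -0500] "GET /products?id=1+UNION+SELECT+username,password+FROM+users-- HTTP/1.1" 500 210',
    '10.0.0.9 - - [01/Mar/2024:09:03:00 -0500] "GET /search?q=union+station HTTP/1.1" 200 1400',
]
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)')
# Deliberately narrow patterns: "union station" must not match, "UNION SELECT" must.
SQLI_RE = re.compile(
    r"(?i)(union\s+(all\s+)?select|\bor\s+'?\d+'?\s*=\s*'?\d+|'\s*(--|#)|;\s*drop\s+table)")

def sqli_hits(lines):
    """Return (src_ip, decoded_uri) for requests whose URL-decoded URI matches a
    SQLi pattern. Decoding first matters: %27%20OR%20%271%27%3D%271 never matches
    a raw-string regex. Assumed SPL: index=apache | regex uri="(?i)union\\s+select|..."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        uri = unquote_plus(m["uri"])
        if SQLI_RE.search(uri):
            hits.append((m["ip"], uri))
    return hits

# --- Constructed per-minute request counts: a normal baseline day, then the attack window.
BASELINE_PER_MINUTE = [40, 55, 60, 80, 120, 130, 125, 90, 70, 50]   # peak hours ~130/min
OBSERVED_PER_MINUTE = {"09:00": 125, "09:01": 135, "09:02": 2400, "09:03": 2600, "09:04": 110}
NAIVE_THRESHOLD = 100   # the kind of hard-coded "too sensitive" value that fires on normal peaks

def dos_threshold(baseline_counts, k=3.0):
    """Threshold = mean + k * population stdev of per-minute counts from the baseline
    report, so ordinary peak-hour traffic stays under it."""
    return statistics.mean(baseline_counts) + k * statistics.pstdev(baseline_counts)

def dos_minutes(minute_counts, threshold):
    """Minutes whose request count exceeds the threshold (the alert condition)."""
    return [m for m, c in sorted(minute_counts.items()) if c > threshold]

if __name__ == "__main__":
    print("brute force:", brute_force_sources(WIN_EVENTS))
    print("sqli:", sqli_hits(APACHE_LINES))
    tuned = dos_threshold(BASELINE_PER_MINUTE)
    print(f"naive threshold {NAIVE_THRESHOLD}: {dos_minutes(OBSERVED_PER_MINUTE, NAIVE_THRESHOLD)}")
    print(f"baseline-derived threshold {tuned:.0f}: {dos_minutes(OBSERVED_PER_MINUTE, tuned)}")
```

Run as-is, the brute-force rule fires only for 203.0.113.7 (five failures in 22 seconds) and not for the user with five typos spread over 76 minutes; lowering the threshold to 3 makes both fire, which is the sensitivity trade-off the threshold encodes. The naive DoS threshold of 100 flags all five observed minutes, including the three that are ordinary peak traffic, while the baseline-derived threshold (about 176 requests/minute on these numbers) flags only the two attack minutes.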

Tools

Splunk Enterprise, Windows Server 2019, Ubuntu Server (Apache), Wireshark, Python

Report

Full SIEM implementation report with dashboard screenshots and detection analysis: SIEM Implementation Report (PDF)

Context

SOC analyst simulation project for UofT's cybersecurity certificate program.

About

Custom Splunk SIEM — brute-force detection, SQL injection alerts, incident response (UofT Cybersecurity)
