A beginner-friendly SOC Analyst project that analyzes authentication logs and detects suspicious activity such as brute-force login attempts, failed login spikes, successful logins after multiple failures, and suspicious IP addresses.
- Log analysis
- Brute-force detection
- Python scripting
- Incident triage
- Alert reporting
- Basic threat hunting
security_log_analyzer.py- Main Python scriptsample_logs/auth.log- Sample Linux authentication logreports/alerts_report.txt- Output report created after running the toolrequirements.txt- Python requirements
python security_log_analyzer.py sample_logs/auth.log- Multiple failed login attempts from the same IP
- Successful login after failed attempts
- Invalid user login attempts
- Suspicious IP activity
SECURITY LOG ANALYZER REPORT
Total failed logins: 8
Total successful logins: 2
Suspicious IPs:
192.168.1.50 - 6 failed attempts
10.0.0.25 - 2 failed attempts
SOC Analysts review logs every day to identify suspicious behavior. This project shows that you understand how to collect log data, search for attack patterns, and create a simple incident report.