
Developed a custom SIEM solution using Splunk for Virtual Space Industries. As part of a team of three SOC analysts, monitored critical systems, detecting simulated cyberattacks like brute-force logins and SQL injections. Provided recommendations to enhance security posture, demonstrating expertise in security monitoring and incident response.


tylerbcrawford/vsi-splunk-siem


Custom SIEM Solution for Virtual Space Industries Using Splunk

Introduction

This project involves the development and analysis of a custom Security Information and Event Management (SIEM) solution using Splunk to protect the fictional organization, Virtual Space Industries (VSI), against cyberattacks. As part of a team of three SOC analysts at Fable CyberSecurity Inc., we were tasked with monitoring critical VSI systems, including Windows servers and an Apache web server. This project demonstrates our proficiency in security monitoring, log analysis, threat detection, and incident response using Splunk.

Project Overview

Objectives

The core objectives of this project were:

  • Design a Security Monitoring Environment: Develop a Splunk-based SIEM solution to establish baselines, detect anomalies, and respond to cyber threats.
  • Monitor Critical Systems: Collect and analyze logs from Windows servers and an Apache web server.
  • Detect and Analyze Attacks: Identify and investigate simulated cyberattacks to assess the effectiveness of the SIEM.
  • Provide Recommendations: Suggest improvements to enhance VSI's security posture based on analysis findings.

Tools and Technologies

  • Splunk Enterprise
  • Splunk Apps and Add-ons:
    • Splunk Add-on for Microsoft Windows
    • Splunk App for Windows Infrastructure
  • Operating Systems:
    • Windows Server 2019
    • Ubuntu Server (Apache Web Server)
  • Other Tools:
    • Wireshark
    • Python
    • Visualization Tools

For detailed reports and findings, please refer to the SIEM Implementation Report.

Results and Findings

  • Successful Detection of Attacks: Detected multiple simulated cyberattacks, including brute-force login attempts, SQL injection attempts, and DoS attacks, using Splunk dashboards and alerts.
  • Effective Monitoring and Analysis: Collected and analyzed logs from critical systems, establishing baselines and identifying anomalies.
  • Actionable Insights: Provided recommendations to enhance security measures, such as strengthening password policies, implementing geo-blocking, and refining alert thresholds.
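The brute-force and SQL-injection detections listed above, as an added example that is not the project's code: a Python pass over a constructed Apache access-log sample that mirrors what a Splunk alert rule does, counting failed logins per source IP against a threshold and flagging URLs that match SQLi signatures. The threshold of 5, the `/login` path and the signature list are assumptions, not values from the report.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed Apache combined-log sample (not from the VSI dataset): one source
# hammering the login form, one request carrying a SQL-injection probe.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048
192.0.2.9 - - [10/Mar/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
192.0.2.9 - - [10/Mar/2024:10:02:01 +0000] "POST /login HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Deliberately small signature set for the demo; a production rule is tuned
# against the observed baseline to keep false positives manageable.
SQLI_RE = re.compile(r"'\s*(or|and)\b|\bunion\s+select\b|--|;\s*drop\b", re.I)


def parse_line(line):
    """Fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_brute_force(lines, threshold=5, login_path="/login"):
    """Source IPs with at least `threshold` failed (401) POSTs to the login path.
    `threshold` is the knob behind 'refining alert thresholds'; 5 is assumed."""
    failed = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["method"] == "POST" and rec["path"] == login_path and rec["status"] == "401":
            failed[rec["ip"]] += 1
    return {ip: n for ip, n in failed.items() if n >= threshold}


def detect_sqli(lines):
    """(ip, decoded path) for each request whose URL matches a SQLi signature."""
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        decoded = unquote(rec["path"])  # decode %27 etc. before matching
        if SQLI_RE.search(decoded):
            hits.append((rec["ip"], decoded))
    return hits
```

Raising `threshold` to 6 silences the brute-force alert on this sample, which is the same trade-off between sensitivity and noise that threshold tuning in Splunk involves.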

Conclusion and Reflections

This project demonstrated the critical role of SIEM solutions in detecting and responding to cyber threats. Working collaboratively as a team of three, we leveraged Splunk's capabilities to effectively monitor VSI's systems, detect simulated attacks, and provide actionable recommendations. The experience reinforced the importance of teamwork, continuous monitoring, proper configuration, and proactive security measures in cybersecurity operations.

