Found 102 repositories (showing 30)
The growing network connectivity witnessed in Supervisory Control and Data Acquisition (SCADA) systems raises cyber security concerns for Industrial Control System (ICS) facilities. To uphold the critical-infrastructure security objectives of confidentiality, integrity, and availability against security breaches or devastating cyberattacks, compelling, proactive, and continuous security monitoring is needed. In this study, we propose a process to build an intelligent backend and visual system to handle real-time data analytics. For that, we demonstrate the use of the Security Information and Event Management (SIEM) tool Splunk to aggregate operational intelligence, including network, system, and user behavior data. Also, to enrich the collected raw data with Indicators of Compromise (IOC) intelligence, we demonstrate the use of open source threat intelligence platforms. Real-time analytics is then applied to the prepared intelligence test data using MATLAB. With the proof-of-concept tool Tableau, we present ICS visual solutions that can support security personnel in making decisions, understanding concepts, or foreseeing network problems.
WALLSEC
Monitor SAP NetWeaver Security Audit Logs with Splunk - no need for third party adapters or SAP-specific intermediate SIEM solutions.
RianMcHale
A small security monitoring simulation and event correlation engine built with Python. Parses authentication logs, detects login bursts, suspicious logins, and blocklisted IPs, and performs simple anomaly detection. It forwards alerts to Splunk via the HTTP Event Collector (HEC). This is a beginner-friendly demonstration of SIEM and SOAR concepts.
Divyansh121699
The Active Directory Home Lab Project helps you set up a virtual environment to learn AD administration, system monitoring with Splunk, and attack simulation using Kali Linux and Atomic Red Team. Gain hands-on experience in configuring domains, managing users, and analyzing security telemetry in a safe and controlled setup.
SilentVeil
Cloud Security & SOC portfolio with AWS labs, SIEM monitoring, and threat analysis. AWS | Wazuh | Splunk | Python
GhostkillerMMIX
🔍 Build a robust Security Operations Center (SOC) with this comprehensive blueprint, featuring Splunk SIEM, automation, and enterprise-level security monitoring.
sv-00
A hands-on project documenting the installation, configuration, and security of an Active Directory domain with Splunk monitoring and penetration testing using Kali Linux.
Ibrahim-Idris1
Mini Security Operations Center (SOC) built with open-source tools (Wazuh, Splunk, Suricata, pfSense, TheHive, Cortex, Shuffle). Demonstrates log monitoring, threat detection, and automated incident response, aligned with GRC frameworks (NIST CSF & ISO 27001).
VenalityXT
This repository contains resources for a SOC Threat Detection and Response Lab, demonstrating threat detection with Splunk and automated response using Ansible. It includes Splunk dashboards, Ansible playbooks, configurations, sample logs, and documentation for setting up and managing security monitoring and incident response.
This project demonstrates the setup and configuration of a comprehensive network security solution in VirtualBox. The lab features an Active Directory (AD) domain with 100 users. The primary focus is on implementing and integrating pfSense (firewall), Snort (IDS/IPS), and Splunk (SIEM) to secure and monitor the network.
rosplk
Splunk Technology Add-on for monitoring Ollama LLM deployments. Features file monitoring of server logs, HEC integration for custom telemetry, and CIM compliance for enterprise security. Provides HTTP access log parsing, prompt analytics, and built-in data redaction. Compatible with Splunk Cloud Platform.
No description available
luisantoniio1998
Production-grade SOC lab with Splunk SIEM for threat detection and security monitoring
ShubhankarChavan15
This project demonstrates how to build an end-to-end security monitoring pipeline by integrating AWS GuardDuty with Splunk using AWS services.
AbelardoCarcamo
Enterprise infrastructure lab deployed in Oracle Cloud Infrastructure, focused on simulating a corporate environment with Active Directory, identity management, automation, and security monitoring using Splunk.
NRM10101
This repository provides a comprehensive guide for integrating Active Directory (AD) with Splunk Universal Forwarder and Sysmon to enhance system monitoring and security analysis in Windows environments.
Enterprise-grade ICT infrastructure monitoring and security operations platform with Splunk. Demonstrates threat detection, Kenya Data Protection Act 2019 compliance, and 80% false positive reduction through alert tuning.
Loksharan-soc
Hands-on SIEM experiments with Wazuh and Splunk. Includes full lab setups, attack simulations, alerts, dashboards, and step-by-step documentation for learning threat detection and security monitoring in controlled environments.
hamidhirsi
Orchestrated a containerised application on AKS using Kubernetes, provisioned infrastructure on Azure with Terraform, enhanced code quality and security through automated SAST and vulnerability scanning, and improved site reliability with advanced monitoring and visualization using Splunk.
pwrod
Simulates an enterprise Windows environment inside Azure to practice Active Directory management, SIEM monitoring with Splunk, offensive security techniques using Kali Linux, and adversary simulation with Atomic Red Team. The project focuses on generating security telemetry, analyzing malicious activity, and developing SOC-style remediation.
Jaron-S
This project details a homelab setup for advancing skills in cybersecurity, networking, and system administration. It utilizes tools like Wazuh, Splunk, Proxmox, and Active Directory to create a practical environment for hands-on learning and experimentation with security monitoring and network management.
This lab simulates cyberattacks to help you learn how to detect and analyze threats. Kali Linux acts as the attacker, Windows 11 logs activities with Sysmon, and Splunk collects and analyzes those logs. It’s used to practice threat detection, incident response, and security monitoring.
50shadesofaditya
AI Threat Analyst Bot is a smart cybersecurity assistant that integrates with live SIEM tools (Splunk, ELK) to automatically fetch logs, detect anomalies using machine learning, and generate detailed threat reports using GPT-4. It alerts your security team in real time via Slack and Email, and includes a clean React dashboard for easy monitoring.
Mimsmuhd-stack
Practical log analysis using Splunk for cybersecurity investigations and monitoring
No description available
This project demonstrates setting up and monitoring a security environment using Splunk.
I explore several solutions for monitoring an Ubuntu system, including Auditd and the Splunk Add-on for Unix and Linux. This repo includes the Vagrantfile needed for building the test environments.
SatyamFiresight
This project demonstrates the setup of a Security Information and Event Management (SIEM) solution to centralize log collection, analyze network activity, and detect simulated cyber threats. Using Splunk Enterprise, I developed custom dashboards and alerts to identify malicious behavior such as port scanning and brute-force attacks in real time.
rajeshprasad1
This project sets up a virtual home lab for security monitoring using Snort (IDS) and Splunk (SIEM). It includes configuring Snort on Ubuntu, simulating attacks from Kali Linux, analyzing traffic with Wireshark, and visualizing alerts in Splunk.
Real-time Windows log monitoring using Splunk.