Found 132 repositories (showing 30)
ethansilvas
Investigating attacks using Splunk Enterprise logs and creating SPL intrusion detection searches based on known attacker TTPs and anomaly behavior derived from statistical baselines
grCyb3r
SOC investigation documenting a two-phase attack involving LFI exploitation and SSH brute-force activity. The analysis includes log investigation, event correlation and digital forensics using Splunk (SIEM) to identify attacker behavior, trace the attack timeline and uncover indicators of compromise (IOCs).
olatoreraa
Beginner cybersecurity portfolio featuring SOC investigations, Splunk log analysis, network traffic analysis with Wireshark, vulnerability scans, and TryHackMe labs.
AdedapoOG
A simulated phishing incident investigation project using email analysis, IOCs, MITRE mapping, and Splunk log review.
mukulgosavi
Objectives: leverage OSINT sites during an investigation; map an attacker's activities to Cyber Kill Chain phases; utilize effective Splunk searches to investigate logs; understand host-centric and network-centric log sources.
Antony-009
SOC lab project demonstrating brute-force SSH detection using Splunk SIEM with real log ingestion and investigation workflow.
Nizar-Aderbaz
A collection of SOC-style investigations and threat analysis exercises using Splunk, including log analysis, incident reconstruction, IOC extraction, and MITRE ATT&CK mapping. Designed for learning, portfolio demonstration, and practical Splunk use in cybersecurity.
Michaelsalaja
This project aims to help the cybersecurity community understand how to use the Splunk Enterprise tool to review logs and use log ingestion for analysis and investigation.
myriadbrandz
This Splunk Mini-Project was used to ingest sample logs, detect abnormal login failures, and create alerts & visualizations to support a security investigation.
Kalypsis
Splunk-based SOC investigation uncovering a two-phase LFI exploitation and SSH compromise through cross-log correlation and threat analysis.
pferozkhan
This shell script audits any change that happens to the [passwd group sudoers] files and writes a log file describing what the change is. This final log can later be uploaded into Splunk for alerts and investigations.
GL1T0H
In this repo, we’ll walk through building a home SOC lab where you can see how common attack techniques generate logs, and how defenders can detect and investigate them using Splunk.
archerlium
Detailed walkthrough of a phishing investigation scenario using the TryHackMe SOC Simulator. It guides the user through analyzing simulated phishing emails, using Splunk SIEM for log queries, investigating alerts, distinguishing true vs. false positives, and tracking a full phishing attack lifecycle.
Digital Forensics and Incident Response investigation performed using Splunk. Includes a full intrusion analysis report, log artifacts, evidence screenshots, and documented findings related to unauthorized account creation, registry manipulation, malicious PowerShell execution, and command-and-control activity.
andre5Jr
Analyze host-centric Windows process execution logs (Event ID 4688) ingested into Splunk to detect unauthorized user accounts, LOLBIN abuse, and malicious payload delivery. This investigation focuses on identifying post-compromise actions taken on an HR department host following suspicious IDS alerts.
julietmuoghalu741-cloud
This project demonstrates how a SOC analyst ingests and analyzes VPN log data using Splunk SIEM. The objective was to simulate real-world SOC investigation tasks such as monitoring VPN access, analyzing user activity, correlating IP addresses, and reviewing geographic access patterns.
KarthikSArkasali
This project showcases my 30-Day SOC Challenge, a hands-on journey to build core blue team skills. It includes daily labs on log analysis, incident response, threat hunting, malware investigation, and SIEM/EDR use cases using Splunk, Wazuh, and Suricata, all based on real-world attack simulations with open-source tools.
gd69645-crypto
splunk soc investigations and log analysis
franklin-soc-labs
Windows log analysis and Splunk investigations for SOC practice
Femijay-code
Practical log analysis using Splunk for cybersecurity investigations and monitoring
Mimsmuhd-stack
Practical log analysis using Splunk for cybersecurity investigations and monitoring
shahardalgo
Hands-on Splunk lab for log analysis, threat hunting and SPL investigations
Simulate malware detection and investigate endpoint security logs using Splunk SIEM.
CYBER1917
A documented investigation using Splunk and firewall logs to analyze suspicious network activity.
keiamcgowan-bot
CySA+ practice project analyzing security logs using Splunk dashboards and incident investigation techniques.
Ernesthub
Hands-on SOC investigation case studies using Windows logs, Sysmon, Splunk, and CloudTrail.
qwesomeishak
SOC project simulating and investigating brute force login attacks using Splunk and Windows authentication logs.
sunandasinghh
This project demonstrates detection and investigation of suspicious activities using Sysmon logs in Splunk.
Godliveth
A collection of Splunk-based SOC investigations and log analysis projects, showcasing threat detection, dashboards, and event correlation using Zeek and authentication logs.