SIEM Simulation Project

Reading and analyzing logs in Splunk

Objective

The Detection Lab project aimed to establish a controlled environment for simulating and detecting cyber-attacks. The primary focus was to ingest and analyze logs within a Security Information and Event Management (SIEM) system to mimic real-world attack scenarios. This hands-on experience was designed to deepen understanding of network security, attack patterns, and defensive strategies.

Skills Learned

  • Advanced understanding of SIEM concepts and practical application.

  • Proficiency in analyzing and interpreting network logs.

  • Ability to generate and recognize attack signatures and patterns.

  • Enhanced knowledge of network protocols and security vulnerabilities.

  • Development of critical thinking and problem-solving skills in cybersecurity.

Tools Used

  • Splunk, a Security Information and Event Management (SIEM) system, for log ingestion and analysis.

Open Splunk, click the Search & Reporting app in the left bar, and begin analyzing the logs. The logs were pre-ingested into index="network logs".

Examining the firewall logs, the external IP 203.0.113.45 performed the most reconnaissance.

The firewall log shows 10.0.0.20 as the host targeted by those scans.

In the VPN logs, the targeted username was svc_backup.

After the successful VPN login, the internal IP associated with the session was 10.8.0.23.

Lateral movement attempts over SMB were observed on port 445.

In the IDS logs, host 10.0.0.60 beaconed to the C2 server.

During the investigation, IP 198.51.100.77 was identified as the C2 address.
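As an added example that is not part of the original project, the following Python reproduces the detection logic behind these findings (port-scan reconnaissance, SMB lateral attempts, and C2 beaconing) over constructed key=value log lines; the log format and the field names ts, src, dst and dport are assumptions, not the fields of the real Splunk index.

```python
# Added example, not the project's own code: scaled-down versions of the
# detections run in Splunk, applied to constructed key=value log lines.
import re
from collections import defaultdict
from statistics import pstdev

# Constructed sample events (not real telemetry); IPs mirror the write-up.
FIREWALL = """\
ts=100 src=203.0.113.45 dst=10.0.0.20 dport=22
ts=101 src=203.0.113.45 dst=10.0.0.20 dport=80
ts=102 src=203.0.113.45 dst=10.0.0.20 dport=3389
ts=103 src=198.51.100.9 dst=10.0.0.30 dport=80
ts=200 src=10.8.0.23 dst=10.0.0.40 dport=445
ts=201 src=10.8.0.23 dst=10.0.0.41 dport=445
""".splitlines()
IDS = """\
ts=300 src=10.0.0.60 dst=198.51.100.77 dport=443
ts=360 src=10.0.0.60 dst=198.51.100.77 dport=443
ts=420 src=10.0.0.60 dst=198.51.100.77 dport=443
ts=480 src=10.0.0.60 dst=198.51.100.77 dport=443
ts=305 src=10.0.0.30 dst=198.51.100.9 dport=443
ts=900 src=10.0.0.30 dst=198.51.100.9 dport=443
ts=910 src=10.0.0.30 dst=198.51.100.9 dport=443
ts=2000 src=10.0.0.30 dst=198.51.100.9 dport=443
""".splitlines()

def parse(lines):
    """Turn 'k=v k=v ...' lines into dicts; ts and dport become ints."""
    events = [dict(re.findall(r"(\w+)=(\S+)", ln)) for ln in lines]
    for ev in events:
        ev["ts"], ev["dport"] = int(ev["ts"]), int(ev["dport"])
    return events

def top_recon_source(events):
    """Scanner = source that touched the most distinct destination ports."""
    ports = defaultdict(set)
    for ev in events:
        ports[ev["src"]].add(ev["dport"])
    return max(ports, key=lambda s: len(ports[s]))

def smb_attempts(events, src):
    """Count SMB (port 445) connection attempts from one internal host."""
    return sum(ev["src"] == src and ev["dport"] == 445 for ev in events)

def beaconing_pairs(events, max_jitter=5.0):
    """Flag src->dst pairs with 4+ hits at near-constant intervals."""
    times = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        times[(ev["src"], ev["dst"])].append(ev["ts"])
    return [pair for pair, ts in times.items() if len(ts) >= 4
            and pstdev([b - a for a, b in zip(ts, ts[1:])]) <= max_jitter]
```

The irregular 10.0.0.30 traffic in the IDS sample is deliberately present so the jitter threshold, not just the hit count, decides what gets flagged.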

© 2025. All rights reserved.