SIEM-Py is a simple Python-based SIEM (Security Information and Event Management) script that analyzes system and web server logs to detect suspicious activity.
The project currently processes:
- Linux authentication logs (`auth.log`)
- Apache web server logs (`apache.log`)
This project is intended for learning, practice, and cybersecurity labs.
SIEM-Py/
├── siem.py      # Main SIEM analysis script
├── auth.log     # Linux authentication logs
├── apache.log   # Apache web server logs
└── README.md
- Parses Linux `auth.log`
- Parses Apache access logs
- Detects suspicious events (e.g. failed logins, brute-force attempts)
- Simple and readable Python code
- Easy to extend with new detection rules
- Python 3.x
python siem.py
The script will analyze the logs and print detected security events.
What It Detects
Multiple failed SSH login attempts
Unauthorized login attempts
Suspicious web requests in Apache logs
Basic brute-force behavior
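The detections listed above, as an added worked example in Python. This is not the project's own `siem.py`; it is example code written for this README. It parses constructed `auth.log` and Apache combined-log-format lines (embedded below, not real traffic), counts failed SSH logins per source IP against an assumed threshold of 5, flags a successful login that follows a burst of failures (the case a plain failure counter misses), and URL-decodes request paths before matching path-traversal, SQL-injection and XSS patterns so that percent-encoded payloads are not skipped. The sample lines, the threshold, the pattern set, and the severity labels are all assumptions made for the example; the rule dictionary is the extension point for new detection rules.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample auth.log lines (not taken from the project's repo).
AUTH_LOG = """\
Jan 10 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 51235 ssh2
Jan 10 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 10:00:07 host sshd[1204]: Failed password for root from 203.0.113.5 port 51237 ssh2
Jan 10 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan 10 10:00:11 host sshd[1206]: Accepted password for root from 203.0.113.5 port 51239 ssh2
Jan 10 10:05:00 host sshd[1207]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 10 10:06:00 host sshd[1208]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

# Constructed sample Apache combined-log-format lines (the SQLi payload is percent-encoded).
APACHE_LOG = """\
203.0.113.9 - - [10/Jan/2024:10:10:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:10:10:02 +0000] "GET /../../etc/passwd HTTP/1.1" 404 210 "-" "curl/8.0"
203.0.113.9 - - [10/Jan/2024:10:10:03 +0000] "GET /login.php?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 300 "-" "sqlmap/1.7"
198.51.100.4 - - [10/Jan/2024:10:10:04 +0000] "GET /about.html HTTP/1.1" 200 800 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2024:10:10:05 +0000] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 400 "-" "Mozilla/5.0"
"""

# sshd result lines: "Failed password for [invalid user] NAME from IP" / "Accepted publickey for NAME from IP"
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
# Apache combined format; the request path is matched lazily so spaces inside it survive.
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Detection rules: add a (name, regex) pair here to extend the web detections (assumed set).
WEB_PATTERNS = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"'\s*(?:or|and)\s+|union\s+select", re.I),
    "xss": re.compile(r"<script", re.I),
}
SCANNER_UA = re.compile(r"sqlmap|nikto|nmap|masscan", re.I)
BRUTE_FORCE_THRESHOLD = 5  # assumed threshold for the example, not a project setting


def parse_auth(text):
    """Return one dict per sshd login result line: result, user, ip, invalid-user flag."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            events.append({"result": m.group("result"), "user": m.group("user"),
                           "ip": m.group("ip"), "invalid": bool(m.group("invalid"))})
    return events


def detect_auth(events, threshold=BRUTE_FORCE_THRESHOLD):
    """Alerts as (severity, message): invalid-user attempts, brute force, success after failures."""
    alerts = []
    failures = Counter()  # failed logins per source IP
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
            if ev["invalid"]:
                alerts.append(("MEDIUM", f"login attempt for nonexistent user {ev['user']} from {ev['ip']}"))
            if failures[ev["ip"]] == threshold:  # fire once when the threshold is reached
                alerts.append(("HIGH", f"brute force: {threshold} failed SSH logins from {ev['ip']}"))
        elif ev["result"] == "Accepted" and failures[ev["ip"]] >= threshold:
            # A success after a burst of failures is the signal that matters most to an analyst.
            alerts.append(("CRITICAL", f"successful login for {ev['user']} from {ev['ip']} "
                                       f"after {failures[ev['ip']]} failures"))
    return alerts


def parse_apache(text):
    """Return one dict per parsable access-log line, with the request path URL-decoded."""
    events = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if m:
            d = m.groupdict()
            d["path"] = unquote(d["path"])  # decode %27 etc. so encoded payloads still match
            events.append(d)
    return events


def detect_web(events):
    """Alerts as (severity, message) for suspicious request paths and scanner user-agents."""
    alerts = []
    for ev in events:
        for name, pat in WEB_PATTERNS.items():
            if pat.search(ev["path"]):
                alerts.append(("HIGH", f"{name} from {ev['ip']}: {ev['method']} {ev['path']}"))
        if SCANNER_UA.search(ev["ua"]):
            alerts.append(("MEDIUM", f"scanner user-agent from {ev['ip']}: {ev['ua']}"))
    return alerts


def analyze(auth_text=AUTH_LOG, apache_text=APACHE_LOG):
    """Run both log sources through their detectors and return all alerts in order."""
    return detect_auth(parse_auth(auth_text)) + detect_web(parse_apache(apache_text))


if __name__ == "__main__":
    for severity, msg in analyze():
        print(f"[{severity}] {msg}")
```

Running the block prints seven alerts for the constructed input: the invalid-user attempt, the brute-force burst from 203.0.113.5, the root login that follows it, the traversal, the decoded SQL injection, the sqlmap user-agent, and the XSS probe. Keying failure counts on the source IP rather than the username is deliberate: password sprays rotate users while the source stays fixed.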
Purpose
Learn SIEM fundamentals
Practice log analysis
Blue Team / SOC training
Portfolio cybersecurity project
Future Improvements
Real-time log monitoring
Alert severity levels
Output alerts to files
Support for more log types
Dashboard or CLI options
License
MIT License
Notes
This is a basic SIEM implementation and not intended for production use.