SIEM-Py is a simple Python-based SIEM (Security Information and Event Management) script that analyzes system and web server logs to detect suspicious activity.
The project currently processes:
- Linux authentication logs (
auth.log) - Apache web server logs (
apache.log)
This project is intended for learning, practice, and cybersecurity labs.
SIEM-Py/ ├── siem.py # Main SIEM analysis script ├── auth.log # Linux authentication logs ├── apache.log # Apache web server logs └── README.md
- Parses Linux
auth.log - Parses Apache access logs
- Detects suspicious events (e.g. failed logins, brute-force attempts)
- Simple and readable Python code
- Easy to extend with new detection rules
- Python 3.x
python siem.py
The script will analyze the logs and print detected security events.
🧠 What It Detects
Multiple failed SSH login attempts
Unauthorized login attempts
Suspicious web requests in Apache logs
Basic brute-force behavior
🎯 Purpose
Learn SIEM fundamentals
Practice log analysis
Blue Team / SOC training
Portfolio cybersecurity project
📌 Future Improvements
Real-time log monitoring
Alert severity levels
Output alerts to files
Support for more log types
Dashboard or CLI options
📜 License
MIT License
⭐ Notes
This is a basic SIEM implementation and not intended for production use.