CodeLife01/SIEM-Analysis

🔍 SIEM Analysis – Learning Series

Welcome to the SIEM-Analysis repository — a structured collection of Markdown-based guides focused on the practical use of modern Security Information and Event Management (SIEM) platforms. This repository walks you through setting up and analyzing data with Splunk, Elastic Stack, and Wazuh, as well as tuning logs and detecting real-world attack simulations.


🎯 Overview

This repository is designed to help you:

  • Understand and deploy SIEM platforms: Splunk, Elastic, and Wazuh
  • Configure log collection tools like Sysmon and PowerShell logging
  • Integrate threat intelligence sources like VirusTotal
  • Analyze APT-style attacks using simulated scenarios
  • Participate in SIEM-based Capture The Flag (CTF) exercises

Whether you're a beginner looking to get started with SIEM or an analyst preparing for a SOC role, this repo offers hands-on knowledge and exercises written in a clear and practical format.


🧠 Topics Covered

  • Introduction to Splunk, Elastic Stack, and Wazuh
  • Step-by-step installation and configuration of Splunk, Elasticsearch, Kibana, and Logstash
  • Wazuh setup, detection tuning, custom rule creation, and real-time alerting
  • Integration of VirusTotal with Wazuh
  • Collecting and analyzing Windows logs with Sysmon
  • Running and detecting APT simulations
  • Walkthroughs of SIEM-focused CTF challenges

Each topic is covered in a dedicated Markdown file and follows a lab-based, practical approach.


🛠 Recommended Tools

The guides make use of:

  • Splunk Free or Enterprise Trial
  • Elastic Stack (ELK) and Kibana
  • Wazuh Security Platform
  • Sysmon for endpoint logging
  • PowerShell logging
  • APT Simulator (by Nextron Systems or similar)
  • VirusTotal API

You’ll need a lab environment (e.g., virtual machines or cloud instances) to follow along.


📦 How to Use This Repo

  1. Clone or download the repository:
    git clone https://github.com/CodeLife01/SIEM-Analysis.git
    cd SIEM-Analysis

⚠️ Disclaimer

This repository is provided for educational and research purposes only. Do not attempt to run attack simulations or collect endpoint logs on production systems. Always use isolated test environments and adhere to ethical and legal standards.

🤝 Contributions

Contributions are welcome! You can help by:

  • Adding new guides or exercises
  • Improving clarity, accuracy, or formatting
  • Sharing sample alerts, dashboards, or use cases

To contribute, fork the repository and submit a pull request.

📜 License

This project is licensed under the MIT License.
