Welcome to the SIEM-Analysis repository — a structured collection of Markdown-based guides focused on the practical use of modern Security Information and Event Management (SIEM) platforms. This repository walks you through setting up and analyzing data with Splunk, Elastic Stack, and Wazuh, as well as tuning logs and detecting real-world attack simulations.
This repository is designed to help you:
- Understand and deploy SIEM platforms: Splunk, Elastic, and Wazuh
- Configure log collection tools like Sysmon and PowerShell logging
- Integrate threat intelligence sources like VirusTotal
- Analyze APT-style attacks using simulated scenarios
- Participate in SIEM-based Capture The Flag (CTF) exercises
Whether you're a beginner looking to get started with SIEM or an analyst preparing for a SOC role, this repo offers hands-on knowledge and exercises written in a clear and practical format.
- Introduction to Splunk, Elastic Stack and Wazuh
- Step-by-step installation and configuration of Splunk, Elasticsearch, Kibana, and Logstash
- Wazuh setup, detection tuning, custom rule creation, and real-time alerting
- Integration of VirusTotal with Wazuh
- Collecting and analyzing Windows logs with Sysmon
- Running and detecting APT simulations
- Walkthroughs of SIEM-focused CTF challenges
Each topic is covered in a dedicated Markdown file and follows a lab-based, practical approach.
The guides make use of:
- Splunk Free or Enterprise Trial
- Elastic Stack (ELK: Elasticsearch, Logstash, and Kibana)
- Wazuh Security Platform
- Sysmon for endpoint logging
- PowerShell logging
- APT Simulator (by Nextron Systems or similar)
- VirusTotal API
You’ll need a lab environment (e.g., virtual machines or cloud instances) to follow along.
- Clone or download the repository, then change into its directory:

```bash
git clone https://github.com/CodeLife01/SIEM-Analysis.git
cd SIEM-Analysis
```
This repository is provided for educational and research purposes only. Do not attempt to run attack simulations or collect endpoint logs on production systems. Always use isolated test environments and adhere to ethical and legal standards.
Contributions are welcome! You can help by:
- Adding new guides or exercises
- Improving clarity, accuracy, or formatting
- Sharing sample alerts, dashboards, or use cases
To contribute, fork the repository and submit a pull request.
This project is licensed under the MIT License.