Cybersecurity · SIEM
Log Analyzer Dashboard
A lightweight SIEM for teams without a Splunk budget: parses logs, flags attacks and maps them to ATT&CK.
Challenge
A full SIEM is expensive and heavy. Small teams still need to spot brute force and scanning in their logs without standing up a Splunk cluster.
Approach
A Flask dashboard that parses syslog, auth.log and web access logs, flags brute-force and port-scan patterns, and maps every alert to a MITRE ATT&CK technique, with Chart.js visualisations.
Outcome
Surfaces brute force and port scans in seconds and runs on a single VM, giving a budget-constrained team real detection instead of grepping logs by hand.
Key decisions
- Parses syslog, auth.log and web access logs out of the box.
- Detects brute-force and port-scan patterns and maps alerts to ATT&CK.
- Chart.js dashboard, containerised, runs on a single VM.