In this project, I simulated a brute-force attack scenario against a Windows server and analyzed the logs using a SIEM platform.
The SIEM detected multiple failed login attempts from the same external IP address within a short timeframe. I investigated the logs, correlated the events, and confirmed malicious activity.
Finally, I created an incident report including detection details, analysis steps, and remediation recommendations (such as blocking the attacker’s IP and enforcing account lockout policies).
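The detection logic described above, as an added example rather than code from the original project: a sliding-window rule in Python run over constructed Windows Security events (Event ID 4625 failed logon, 4624 successful logon). The threshold of 5 failures within 60 seconds, the internal-network list, the sample events and the use of the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges as stand-ins for attacker addresses are all assumptions for illustration, not values taken from the project or its SIEM.

```python
"""Brute-force detection over Windows Security events (added example, not the
project's own code). Sample events are constructed; they mimic the fields a SIEM
extracts from Event ID 4625 (failed logon) and 4624 (successful logon)."""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624

# Assumed "internal" address space; the SIEM equivalent is its internal-network list.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample events: (timestamp, event_id, target account, source IP).
SAMPLE_EVENTS = [
    # Burst from one external address against the built-in admin account (attacker).
    ("2024-05-01T10:00:01", 4625, "administrator", "203.0.113.45"),
    ("2024-05-01T10:00:04", 4625, "administrator", "203.0.113.45"),
    ("2024-05-01T10:00:09", 4625, "administrator", "203.0.113.45"),
    ("2024-05-01T10:00:12", 4625, "admin", "203.0.113.45"),
    ("2024-05-01T10:00:15", 4625, "administrator", "203.0.113.45"),
    ("2024-05-01T10:00:20", 4625, "administrator", "203.0.113.45"),
    ("2024-05-01T10:00:31", 4624, "administrator", "203.0.113.45"),  # success after burst
    # Slow failures from another external address: stays below the threshold.
    ("2024-05-01T10:01:00", 4625, "jsmith", "198.51.100.7"),
    ("2024-05-01T10:05:00", 4625, "jsmith", "198.51.100.7"),
    ("2024-05-01T10:09:00", 4625, "jsmith", "198.51.100.7"),
    # Internal user mistyping a password: noisy, but not an external brute force.
    ("2024-05-01T10:02:00", 4625, "mlee", "10.0.0.5"),
    ("2024-05-01T10:02:03", 4625, "mlee", "10.0.0.5"),
    ("2024-05-01T10:02:05", 4625, "mlee", "10.0.0.5"),
    ("2024-05-01T10:02:08", 4625, "mlee", "10.0.0.5"),
    ("2024-05-01T10:02:10", 4625, "mlee", "10.0.0.5"),
    ("2024-05-01T10:02:12", 4625, "mlee", "10.0.0.5"),
]


def is_external(ip: str) -> bool:
    """True when the address is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETWORKS)


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: alert} for external IPs that produce >= threshold failed
    logons inside any sliding window of `window`; a later successful logon from an
    alerting IP is flagged because it suggests the attempt worked."""
    events = sorted(events, key=lambda e: e[0])   # ISO timestamps sort lexically
    recent = defaultdict(deque)                   # ip -> (time, account) within window
    failures = Counter()                          # ip -> total failed logons seen
    alerts = {}
    for ts, event_id, account, ip in events:
        if not is_external(ip):
            continue
        t = datetime.fromisoformat(ts)
        if event_id == SUCCESS_LOGON:
            if ip in alerts:                      # escalate: success after a burst
                alerts[ip]["success_after_failures"] = True
                alerts[ip]["compromised_accounts"].add(account)
            continue
        if event_id != FAILED_LOGON:
            continue
        failures[ip] += 1
        q = recent[ip]
        q.append((t, account))
        while q and t - q[0][0] > window:         # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(ip, {
                "first_seen": q[0][0], "accounts": set(),
                "success_after_failures": False, "compromised_accounts": set()})
            alert["last_seen"] = t
            alert["count"] = failures[ip]
            alert["accounts"].update(a for _, a in q)
    return alerts


if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {a['count']} failed logons {a['first_seen']} .. {a['last_seen']}, "
              f"accounts={sorted(a['accounts'])}, "
              f"success_after_failures={a['success_after_failures']}")
```

The internal-IP filter is what keeps the mistyped-password noise from 10.0.0.5 out of the alert, and the success-after-failures flag is the check that turns "brute-force attempt" into "possible compromise" in the report; in a real SIEM the same rule would also key on the Logon Type and Status/Sub Status fields of 4625, which are omitted here.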