Description:
Developed a comprehensive SIEM (Security Information and Event Management) system designed to monitor, detect, and respond to security threats in real time. The system features a centralized management launcher and a web-based dashboard to oversee multiple security agents.
Key Technical Components & Features:
Centralized Launcher: A custom GUI built to manage system prerequisites (Python environment, Admin privileges) and control various security components.
Flask Web Server (Dashboard): Developed the main web interface for real-time data visualization and threat monitoring.
Multi-Agent Architecture:
Network Agent: Captures and monitors live network traffic for suspicious activity (utilizing Npcap).
Windows Agent: Monitors and parses Windows Event Logs to detect unauthorized access or system changes.
Threat Intelligence Agent: Independently checks IP reputations to identify known malicious actors.
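As an added example, not code from the project described here, the following Python sketches what the Windows Agent and the Threat Intelligence Agent do together: it parses Windows Event Log records in their native XML schema, counts failed logons (Security event ID 4625) per source address, and cross-checks every remote address against a reputation list. The XML namespace and the event IDs are the real Windows ones; the sample records, the blocklist, and the names parse_event, remote_ip and analyse are constructed for this example.

```python
"""Added example (not the original project's code): a minimal version of the
Windows Agent + Threat Intelligence Agent pipeline. It parses Windows Event
Log records in their native XML form, counts failed logons per source IP,
and cross-checks source IPs against a reputation list. Sample records and
the blocklist are constructed for the example."""
import xml.etree.ElementTree as ET
from collections import Counter
from ipaddress import ip_address
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Namespace of Windows Event Log XML (as rendered by wevtutil / Get-WinEvent).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Well-known Security log event IDs.
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
FAILURE_THRESHOLD = 3  # failed logons from one source before alerting

# Constructed reputation list standing in for the Threat Intelligence Agent's
# external lookup. 203.0.113.0/24 is a documentation range, not a real actor.
KNOWN_BAD_IPS: Set[str] = {"203.0.113.7"}


def _record(event_id: int, user: str, ip: str, when: str) -> str:
    """Build a constructed Event Log record in the real Windows XML layout."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID>"
        f'<TimeCreated SystemTime="{when}"/><Computer>WS01</Computer></System>'
        f'<EventData><Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="IpAddress">{ip}</Data></EventData></Event>'
    )


# Constructed sample: three failures from one address, one local failure
# ("-" is what Windows writes for IpAddress on console logons), then a
# successful logon from a listed address.
SAMPLE_RECORDS: List[str] = [
    _record(FAILED_LOGON, "admin", "198.51.100.23", "2024-01-01T08:00:01Z"),
    _record(FAILED_LOGON, "admin", "198.51.100.23", "2024-01-01T08:00:02Z"),
    _record(FAILED_LOGON, "admin", "198.51.100.23", "2024-01-01T08:00:03Z"),
    _record(FAILED_LOGON, "jdoe", "-", "2024-01-01T08:05:00Z"),
    _record(SUCCESSFUL_LOGON, "svc_backup", "203.0.113.7", "2024-01-01T08:10:00Z"),
]


def parse_event(xml_text: str) -> Dict[str, str]:
    """Flatten one Event XML record into a dict of System and EventData fields.

    ElementTree does not resolve external entities; for records from an
    untrusted source, a hardened parser such as defusedxml is preferable.
    """
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None:
        raise ValueError("record has no <System> element")
    event: Dict[str, str] = {
        "event_id": system.findtext("e:EventID", default="0", namespaces=NS),
        "computer": system.findtext("e:Computer", default="", namespaces=NS),
    }
    created = system.find("e:TimeCreated", NS)
    event["time"] = created.get("SystemTime", "") if created is not None else ""
    # EventData fields are keyed by their Name attribute, e.g. IpAddress.
    for data in root.iterfind("e:EventData/e:Data", NS):
        event[data.get("Name", "")] = data.text or ""
    return event


def remote_ip(value: str) -> Optional[str]:
    """Return the address if it is a usable remote IP, else None ("-", loopback)."""
    try:
        addr = ip_address(value)
    except ValueError:
        return None
    if addr.is_loopback or addr.is_unspecified:
        return None
    return str(addr)


Alert = Tuple[str, str, str]  # (kind, source_ip, detail)


def analyse(records: Iterable[str], bad_ips: Set[str]) -> List[Alert]:
    """Run both detections over the records and return alerts in order."""
    alerts: List[Alert] = []
    failures: Counter = Counter()
    flagged: Set[Tuple[str, str]] = set()  # (kind, ip) already alerted
    for raw in records:
        ev = parse_event(raw)
        ip = remote_ip(ev.get("IpAddress", ""))
        event_id = int(ev["event_id"])
        user = ev.get("TargetUserName", "?")
        if event_id == FAILED_LOGON and ip is not None:
            failures[ip] += 1
            if failures[ip] == FAILURE_THRESHOLD:
                alerts.append(("brute_force", ip,
                               f"{FAILURE_THRESHOLD} failed logons for {user} on {ev['computer']}"))
        # Reputation check applies to every event carrying a remote address; a
        # successful logon from a listed address is the higher-severity case.
        if ip is not None and ip in bad_ips and ("bad_reputation", ip) not in flagged:
            flagged.add(("bad_reputation", ip))
            alerts.append(("bad_reputation", ip,
                           f"event {event_id} for {user} at {ev['time']}"))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in analyse(SAMPLE_RECORDS, KNOWN_BAD_IPS):
        print(f"[{kind}] {ip}: {detail}")
```

Run against the constructed records, analyse returns two alerts: a brute_force alert for 198.51.100.23 after its third failed logon, and a bad_reputation alert for 203.0.113.7 on the successful logon. Local logons ("-" in IpAddress) are counted out of both checks rather than treated as a spurious address, which is the edge case a real agent hits on every console logon.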
Automation & Testing: Integrated "Quick Action" features, including automated test scenarios that simulate alerts, and database management utilities for efficient data handling.
Technologies Used:
Backend: Python (Flask).
Frontend: HTML, CSS (for the Web Dashboard).
OS Integration: Windows Event Log monitoring, XML data parsing.
Tools: Npcap for network capture, database management.