# Detection-Lab-
This lab simulates a SOC Tier-1 authentication log analysis tool. The script evaluates system authentication logs and flags suspicious activity based on predefined authentication thresholds. This analysis quickly distinguishes the authentication patterns of brute-force or credential abuse attacks.

- Parses an uploaded authentication log file
- Counts failed login attempts
- Notifies when login attempts reach the threshold
- Outputs a clear security status message

The following output is from my own auth.log in /var. It shows normal authentication traffic, with no anomalies in this log file.

This example shows how the analyzer responded to log data that fits the login pattern thresholds. This log is a practice set of suspicious auth.log entries.

The first highlighted line is where the user can insert the Linux log file. Next is the message that will display based on what the log holds.
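
The feature list above, worked through as an added example; this is not the lab's own script. The choice of Python, the OpenSSH password-line format, the threshold of 5, and the names `analyze`, `status_message`, and `FAILED_THRESHOLD` are all assumptions, and the log lines are constructed. It counts failures per source IP and also reports a successful login that follows a threshold-exceeding run of failures.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth.log format (not taken from the lab's logs).
SAMPLE_LOG = """\
Jan 10 08:01:02 host sshd[1001]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 08:05:11 host sshd[1010]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 10 08:05:13 host sshd[1010]: Failed password for root from 203.0.113.7 port 40002 ssh2
Jan 10 08:05:15 host sshd[1010]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Jan 10 08:05:17 host sshd[1010]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2
Jan 10 08:05:19 host sshd[1010]: Failed password for root from 203.0.113.7 port 40005 ssh2
Jan 10 08:05:21 host sshd[1010]: Accepted password for root from 203.0.113.7 port 40006 ssh2
Jan 10 08:09:40 host sshd[1020]: Failed password for bob from 198.51.100.4 port 51000 ssh2
"""

# Matches sshd password results, including the "invalid user" variant.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
FAILED_THRESHOLD = 5  # assumed value; the lab's actual threshold is not stated

def analyze(lines, threshold=FAILED_THRESHOLD):
    """Count failed logins per source IP and note successes after a flagged run."""
    failures = Counter()
    success_after = set()
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # skip lines that are not sshd password events
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif failures[m["ip"]] >= threshold:
            success_after.add(m["ip"])  # login succeeded after repeated failures
    flagged = {ip: n for ip, n in failures.items() if n >= threshold}
    return {"total_failed": sum(failures.values()),
            "flagged": flagged,
            "success_after_failures": sorted(success_after)}

def status_message(report):
    """Turn the report into the single status line a Tier-1 analyst reads."""
    if report["success_after_failures"]:
        return "ALERT: login succeeded after repeated failures from " + ", ".join(report["success_after_failures"])
    if report["flagged"]:
        return "WARNING: failed-login threshold reached by " + ", ".join(sorted(report["flagged"]))
    return "OK: no anomalies detected"

if __name__ == "__main__":
    print(status_message(analyze(SAMPLE_LOG.splitlines())))
```
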


