Built this **Log Analyzer** to learn practical blue-team detection from raw logs. The goal was simple: take noisy auth/web logs and automatically surface behavior that actually matters. I started with a single script, then refactored into a modular project with dedicated parser, detector, and reporting layers.
The analyzer now flags:
- failed login bursts in short windows
- IP anomalies (one source trying many distinct usernames, high failure counts with no successful login, rarely seen suspicious sources)
- repeated access patterns on the same resource
I added CLI controls so investigations can be tuned for different environments (`--failed-threshold`, `--repeat-window`, `--min-severity`) and output can be consumed by both humans and tools (`text` or `JSON`, optional `--out` file export).
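To make the parser / detector / reporting split and the tuning knobs concrete, here is a compact, self-contained version of that pipeline. This is an added illustration written for this page, not the project's own code: it assumes sshd syslog lines and Common Log Format web lines as input, invents the rule names and severity labels, picks a cut-off of three distinct usernames for the "many usernames" rule, and exposes the thresholds as function parameters named after the flags above (`failed_threshold`, `window` for `--repeat-window`, `min_severity`). The sample log is constructed, not captured traffic.

```python
import json
import re
from collections import defaultdict
from dataclasses import asdict, dataclass
from datetime import datetime, timedelta

# Constructed sample, not real traffic: a failure burst from one IP, a normal user, a hammered login page.
SAMPLE_LOG = """\
May  1 10:00:01 host sshd[1201]: Failed password for admin from 203.0.113.7 port 51122 ssh2
May  1 10:00:02 host sshd[1202]: Failed password for invalid user root from 203.0.113.7 port 51123 ssh2
May  1 10:00:03 host sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 51124 ssh2
May  1 10:00:04 host sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 51125 ssh2
May  1 10:00:05 host sshd[1205]: Failed password for bob from 203.0.113.7 port 51126 ssh2
May  1 10:00:09 host sshd[1206]: Accepted password for alice from 198.51.100.5 port 40001 ssh2
May  1 10:04:30 host sshd[1207]: Failed password for alice from 198.51.100.5 port 40002 ssh2
198.51.100.9 - - [01/May/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 512
198.51.100.9 - - [01/May/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512
198.51.100.9 - - [01/May/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 512
198.51.100.5 - - [01/May/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""
SSHD_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}   # assumed severity scale

@dataclass
class Event:
    ts: datetime
    kind: str      # "auth" or "web"
    ip: str
    subject: str   # username for auth events, request path for web events
    ok: bool       # auth: login accepted; web: always True

@dataclass
class Finding:
    rule: str
    severity: str  # "low" | "medium" | "high"
    ip: str
    detail: str

def parse_line(line):
    if m := SSHD_RE.match(line):
        mon, day, clock, outcome, user, ip = m.groups()
        # syslog stamps carry no year; strptime fills in 1900, which is fine for relative windows
        ts = datetime.strptime(f"{mon} {day} {clock}", "%b %d %H:%M:%S")
        return Event(ts, "auth", ip, user, outcome == "Accepted")
    if m := CLF_RE.match(line):
        ip, stamp, path = m.groups()
        return Event(datetime.strptime(stamp.split()[0], "%d/%b/%Y:%H:%M:%S"), "web", ip, path, True)
    return None  # unrecognised line: skip it, do not abort the run

def parse(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def peak_in_window(events, key, window):
    """Per key, the largest number of events that fall inside any sliding window of length `window`."""
    stamps = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        stamps[key(e)].append(e.ts)
    peaks = {}
    for k, ts in stamps.items():
        best = start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1          # slide the left edge until the window fits
            best = max(best, end - start + 1)
        peaks[k] = best
    return peaks

def detect(events, failed_threshold=5, repeat_threshold=3, window=timedelta(seconds=60)):
    found = []
    fails = [e for e in events if e.kind == "auth" and not e.ok]
    for ip, n in peak_in_window(fails, lambda e: e.ip, window).items():
        if n >= failed_threshold:
            found.append(Finding("failed_login_burst", "high", ip, f"{n} failures within {window.seconds}s"))
    by_ip = defaultdict(list)
    for e in events:
        if e.kind == "auth":
            by_ip[e.ip].append(e)
    for ip, evs in by_ip.items():
        users = {e.subject for e in evs if not e.ok}
        if len(users) >= 3:  # three distinct usernames is an assumed cut-off
            found.append(Finding("many_usernames", "high", ip, f"{len(users)} distinct usernames failed"))
        if not any(e.ok for e in evs):
            found.append(Finding("fail_no_success", "medium", ip, f"{len(evs)} failures, no success"))
    web = [e for e in events if e.kind == "web"]
    for (ip, path), n in peak_in_window(web, lambda e: (e.ip, e.subject), window).items():
        if n >= repeat_threshold:
            found.append(Finding("repeated_resource", "low", ip, f"{n} hits on {path} within {window.seconds}s"))
    return found

def filter_severity(findings, min_severity):
    return [f for f in findings if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[min_severity]]

def render(findings, fmt="text"):
    if fmt == "json":
        return json.dumps([asdict(f) for f in findings], indent=2)
    return "\n".join(f"[{f.severity.upper():6}] {f.rule:20} {f.ip:15} {f.detail}" for f in findings)

if __name__ == "__main__":
    # argparse wiring for --failed-threshold, --repeat-window, --min-severity, --out goes here
    print(render(filter_severity(detect(parse(SAMPLE_LOG)), "medium")))
```

Two details worth noticing. The burst rule uses a sliding window over sorted timestamps rather than fixed buckets, so five failures straddling a minute boundary still count as one burst, which is exactly what `--repeat-window` should control. And an unparseable line is skipped rather than fatal: real log files always contain stray lines, and an analyzer that aborts on them gets turned off.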
What made this project meaningful was the engineering journey:
- moving from monolithic code to clean modules
- writing automated tests for parsing, detection, severity filtering, and end-to-end CLI behavior
- documenting the system clearly for beginners and future contributors
This project taught me that strong security tooling is not just detection logic: it is also structure, testability, and usability. The next milestone is integrating this analyzer into a SIEM-style workflow and adding behavior baselining for smarter anomaly detection over time.