Home lab SIEM project using Splunk to detect failed login attempts
This home lab simulates a real-world SIEM setup using Splunk to detect and alert on failed login attempts. I generated custom log data and used dashboards to visualize suspicious behavior, demonstrating basic detection engineering and log analysis skills.
Tools Used
- 🖥️ Splunk (Free version, installed locally)
- 🪟 Windows 10 VM (Simulated attacker machine)
- ⚙️ Manual data upload or log ingestion (via Splunk web UI)
- 📦 VirtualBox (for virtual machine management)
What I Did
- Installed and configured Splunk in a virtual environment
- Simulated multiple failed login attempts on a Windows VM
- Uploaded or ingested logs into Splunk
- Used Splunk Search Processing Language (SPL) to find failed login events
- Built a dashboard to visualize login failure patterns
- Analyzed log entries to identify login behavior and potential brute force attempts
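As an added example (not part of this lab's files or Splunk's own code), the detection step above can be reproduced offline in plain Python: parse Windows security events, keep only failed logons (EventCode 4625), and flag any source IP that reaches a threshold of failures inside a sliding time window. The log lines, field names (`TargetUserName`, `IpAddress`), the 5-failures-in-5-minutes threshold and the SPL query shown in the docstring are all constructed assumptions for this example, not values taken from the lab.

```python
"""Brute-force detection over constructed Windows failed-logon events.

Added example for the home lab write-up. It mirrors the idea of a Splunk search
such as (assumed query, adjust index and field names to your own ingestion):

    index=main EventCode=4625
    | bin _time span=5m
    | stats count dc(TargetUserName) as users by IpAddress, _time
    | where count >= 5

but runs without Splunk so the logic can be tested on its own.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified key=value form.
# EventCode 4625 = failed logon, 4624 = successful logon.
SAMPLE_LOGS = """\
2024-05-01T10:00:00 EventCode=4625 TargetUserName=bob IpAddress=203.0.113.5
2024-05-01T10:00:01 EventCode=4625 TargetUserName=alice IpAddress=192.0.2.10
2024-05-01T10:00:15 EventCode=4625 TargetUserName=alice IpAddress=192.0.2.10
2024-05-01T10:00:30 EventCode=4625 TargetUserName=alice IpAddress=192.0.2.10
2024-05-01T10:00:45 EventCode=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:01:00 EventCode=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:01:20 EventCode=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:01:40 EventCode=4624 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:02:00 EventCode=4625 TargetUserName=carol IpAddress=198.51.100.7
2024-05-01T10:10:00 EventCode=4625 TargetUserName=bob IpAddress=203.0.113.5
2024-05-01T10:20:00 EventCode=4625 TargetUserName=carol IpAddress=198.51.100.7
2024-05-01T10:20:00 EventCode=4625 TargetUserName=bob IpAddress=203.0.113.5
2024-05-01T10:30:00 EventCode=4625 TargetUserName=bob IpAddress=203.0.113.5
2024-05-01T10:40:00 EventCode=4625 TargetUserName=bob IpAddress=203.0.113.5
"""


def parse_events(text):
    """Turn 'timestamp key=value ...' lines into dicts with a parsed _time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        fields["_time"] = datetime.fromisoformat(ts_str)
        events.append(fields)
    return events


def failed_logons(events):
    """Equivalent of the SPL filter EventCode=4625."""
    return [e for e in events if e.get("EventCode") == "4625"]


def summarize_failures(events):
    """Per-source totals for a dashboard panel: failure count and distinct users."""
    summary = defaultdict(lambda: {"count": 0, "users": set()})
    for e in failed_logons(events):
        entry = summary[e["IpAddress"]]
        entry["count"] += 1
        entry["users"].add(e["TargetUserName"])
    return dict(summary)


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed logons inside any sliding window.

    Returns {src_ip: (peak_count, window_start, window_end)}. A source that
    fails slowly (e.g. once every 10 minutes) never accumulates enough failures
    within one window and is not flagged, which is the point of windowing.
    """
    by_src = defaultdict(list)
    for e in failed_logons(events):
        by_src[e["IpAddress"]].append(e["_time"])

    alerts = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits inside `window`.
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, (0,))[0]:
                alerts[src] = (count, times[start], t)
    return alerts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOGS)
    for src, info in summarize_failures(evts).items():
        print(f"{src}: {info['count']} failures, users={sorted(info['users'])}")
    for src, (count, first, last) in detect_bruteforce(evts).items():
        print(f"ALERT {src}: {count} failed logons between {first} and {last}")
```

Running it flags only 192.0.2.10 (six failures in under two minutes, against two accounts, followed by a successful logon, which is the pattern worth pivoting on in the dashboard); 203.0.113.5 also has five failures in total but spread ten minutes apart, so the sliding window correctly leaves it below threshold.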
Screenshots (images not included here): Splunk Dashboard, Log Sample
- SIEM setup and log ingestion
- Log parsing and dashboard creation
- Detection engineering (MITRE ATT&CK mapping)
- Basic threat simulation in a safe lab environment
How To Recreate This Lab
Instructions coming soon...
LinkedIn Post
https://www.linkedin.com/feed/update/urn:li:activity:7345527308415340545/
