Skip to content

DivyanshuGairwal/Mini-SIEM

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
dashboard
dashboard
 
 
output
output
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
pipeline.py
pipeline.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

🛡 Mini SIEM — Security Information and Event Management System

A lightweight Security Operations Centre (SOC) platform that detects, analyzes, and visualizes cyber threats using a combination of rule-based detection and machine learning.

🚀 Overview

Mini SIEM simulates a real-world SOC environment where security analysts monitor logs, detect anomalies, and investigate threats. The system processes multiple cybersecurity datasets, applies detection logic, and presents insights through an interactive dashboard.

⚙️ Features

  • 🔍 Rule-based threat detection (SQLi, XSS, DDoS, etc.)
  • 🤖 Machine learning anomaly detection (Isolation Forest + LOF)
  • 🧠 SHAP-based explainability for model decisions
  • 🗂 SQLite database for alert storage
  • 📊 Interactive Streamlit dashboard (SOC-style UI)
  • 🧑‍💻 Analyst workbench for investigation and alert management hello hey

🧱 Architecture

Raw Data → Cleaning → Rule Detection → ML Models → Explainability → Database → Dashboard

🛠 Tech Stack

  • Language: Python
  • Data Processing: Pandas, NumPy
  • Machine Learning: Scikit-learn
  • Explainability: SHAP
  • Database: SQLite
  • Frontend: Streamlit
  • Visualization: Plotly

📂 Project Structure

mini-siem/
├── dashboard/        # Streamlit dashboard
├── src/              # Core logic (cleaning, detection, ML, DB)
├── pipeline.py       # Main pipeline
├── requirements.txt
└── README.md

▶️ How to Run Locally

# Create virtual environment
python -m venv .venv

# Activate
.venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Run pipeline
python pipeline.py --clean

# Launch dashboard
streamlit run dashboard/app.py

⚠️ Note on Data

Due to large dataset sizes, raw and processed data files are not included in this repository.

🎯 My Contribution

  • Designed and developed the SOC dashboard using Streamlit
  • Implemented alert visualization and filtering system
  • Integrated SQLite database with frontend
  • Built analyst workflow interface for alert investigation

📌 Future Improvements

  • Real-time log ingestion (Kafka / APIs)
  • User authentication system
  • Cloud deployment with scalable backend

🌐 Deployment

This project can be deployed using Streamlit Cloud:

  1. Push code to GitHub
  2. Go to https://share.streamlit.io
  3. Connect your repository
  4. Set entry point: dashboard/app.py
  5. Deploy

📣 About

A practical implementation of a SIEM system demonstrating cybersecurity analytics, anomaly detection, and SOC workflows.

About

Lightweight SIEM system for cyber threat detection using rule-based and ML anomaly detection with a SOC-style dashboard.

Topics

python machine-learning cybersecurity siem anamoly-detection

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages