Skip to content

Ronoh12/security-event-correlator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

2 Commits
demo
demo
Β 
Β 
reports
reports
Β 
Β 
src
src
Β 
Β 
.gitignore
.gitignore
Β 
Β 
README.md
README.md
Β 
Β 
requirements.txt
requirements.txt
Β 
Β 

Repository files navigation

🧩 Security Event Correlator (Python)

A Blue Team / SOC-style project that correlates authentication events and firewall blocks into an incident-focused report with risk scoring (LOW / MEDIUM / HIGH).
Outputs both Markdown (human-friendly) and JSON (machine-friendly) reports.

βœ… What It Detects

  • Failed SSH login attempts by source IP
  • Firewall blocks by source IP and destination port
  • Correlated β€œincident” view per IP (auth + firewall evidence combined)
  • Heuristic risk scoring:
    • HIGH: sensitive ports targeted (e.g., 3389/445/21/23) or high volume activity
    • MEDIUM: moderate repeated failures/blocks
    • LOW: low volume noise

πŸ“‚ Project Structure

security-event-correlator/
β”œβ”€β”€ README.md
β”œβ”€β”€ demo/
β”‚   β”œβ”€β”€ demo_auth.log
β”‚   └── demo_firewall.log
β”œβ”€β”€ reports/
β”‚   β”œβ”€β”€ sample_incident_report.md
β”‚   └── sample_incident_report.json
└── src/
    └── correlate_events.py

About

Correlates Linux authentication and firewall logs into incident-style findings with risk scoring, supporting SOC-style analysis and Blue Team investigations.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages