A real-time log monitoring and threat detection system built in Python that simulates core features of a SIEM (Security Information and Event Management) tool.
The system continuously monitors Linux logs, parses security events, detects suspicious activity (like brute-force attacks), and triggers alerts instantly.
- 📡 Log Monitoring – Continuously reads system logs
- 🧾 Log Parsing – Extracts IPs, timestamps, and actions
- 🚨 Threat Detection – Identifies suspicious patterns (e.g., failed logins)
- 🔔 Alert System – Notifies when anomalies are detected
- ⚡ Modular Design – Clean, scalable architecture
ThreatLens/
│
├── monitor.py # Real-time log reader
├── parser.py # Log parsing logic
├── detector.py # Threat detection engine
├── alert.py # Alert system
├── main.py # Main pipeline
├── attacker.py # Attack simulation bot
└── README.md
Logs → Monitor → Parser → Detector → Alert
- Monitor reads logs in real-time
- Parser extracts useful fields
- Detector identifies threats
- Alert notifies the user
The attacker.py script simulates:
- Random SSH login attempts
- Sudo privilege abuse
- Custom malicious logs
- High-volume attack traffic
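The block below is an added example, written for this page and not taken from ThreatLens's own modules, that walks the Logs → Monitor → Parser → Detector → Alert pipeline end to end and also shows the kind of traffic `attacker.py` is meant to generate: it builds constructed `auth.log` lines (a burst of failed SSH logins from one address plus a `sudo` failure), parses them with regexes, raises one alert when an address accumulates five failures inside a sixty-second window, and flags the `sudo` abuse directly. The regexes, the five-in-sixty-seconds threshold, the function names and the sample lines are all assumptions for illustration; the real `parser.py` and `detector.py` may differ.

```python
import re
import sys
import time
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog prefix shared by every /var/log/auth.log line: "Mon DD HH:MM:SS host proc[pid]: msg".
PREFIX_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<proc>[\w.-]+)(?:\[\d+\])?:\s+(?P<msg>.*)$"
)
# OpenSSH result lines, e.g. "Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2".
SSH_RE = re.compile(
    r"^(?P<result>Failed|Accepted)\s+\w+\s+for\s+(?:invalid user\s+)?"
    r"(?P<user>\S+)\s+from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+port\s+\d+"
)
# sudo lines start with the invoking user; failures carry "NOT in sudoers" or "incorrect password".
SUDO_RE = re.compile(r"^(?P<user>\S+)\s*:\s*(?P<detail>.*)$")


def parse_line(line):
    """Turn one auth.log line into an event dict, or None if it is not a line we care about."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine for windowing.
    event = {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"), "host": m["host"]}
    if m["proc"] == "sshd":
        s = SSH_RE.match(m["msg"])
        if not s:
            return None
        action = "failed_login" if s["result"] == "Failed" else "login"
        event.update(action=action, user=s["user"], ip=s["ip"])
        return event
    if m["proc"] == "sudo":
        s = SUDO_RE.match(m["msg"])
        if not s:
            return None
        abuse = "NOT in sudoers" in s["detail"] or "incorrect password" in s["detail"]
        event.update(action="sudo_abuse" if abuse else "sudo", user=s["user"], ip=None)
        return event
    return None


class Detector:
    """Sliding-window brute-force detection per source IP, plus direct flagging of sudo abuse."""

    def __init__(self, threshold=5, window_seconds=60):
        self.threshold, self.window = threshold, window_seconds
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
        self.alerted = set()                # ips already reported for the current burst

    def feed(self, event):
        """Return an alert dict if this event completes a suspicious pattern, else None."""
        if event is None:
            return None
        if event["action"] == "sudo_abuse":
            return {"type": "sudo_abuse", "who": event["user"], "count": 1, "at": event["ts"]}
        if event["action"] != "failed_login":
            return None
        ip, now = event["ip"], event["ts"]
        q = self.failures[ip]
        q.append(now)
        while q and (now - q[0]).total_seconds() > self.window:  # drop attempts outside the window
            q.popleft()
        if len(q) >= self.threshold:
            if ip in self.alerted:
                return None  # one alert per burst, not one per extra attempt
            self.alerted.add(ip)
            return {"type": "ssh_bruteforce", "who": ip, "count": len(q), "at": now}
        self.alerted.discard(ip)
        return None


def format_alert(alert):
    return f"[ALERT] {alert['type']} from {alert['who']} ({alert['count']} events) at {alert['at']:%H:%M:%S}"


def run(lines, detector=None):
    """Feed log lines through parser and detector; print and return the alerts raised."""
    detector = detector or Detector()
    alerts = []
    for line in lines:
        alert = detector.feed(parse_line(line))
        if alert:
            print(format_alert(alert))
            alerts.append(alert)
    return alerts


def follow(path, poll_seconds=0.5):
    """Yield lines appended to path, like `tail -f`: the monitor stage of the pipeline."""
    with open(path, "r", errors="replace") as f:
        f.seek(0, 2)  # start at the end: only new activity matters
        while True:
            line = f.readline()
            if line:
                yield line
            else:
                time.sleep(poll_seconds)


def simulated_attack(ip="203.0.113.7", attempts=8, start="Oct 12 10:00:00"):
    """Constructed lines imitating a password-guessing burst from one address (not real log data)."""
    t0 = datetime.strptime(start, "%b %d %H:%M:%S")
    return [
        f"{(t0 + timedelta(seconds=2 * i)):%b %d %H:%M:%S} web01 sshd[{4000 + i}]: "
        f"Failed password for invalid user admin from {ip} port {50000 + i} ssh2"
        for i in range(attempts)
    ]


# Constructed sample: benign traffic with the simulated burst and a sudo failure mixed in.
SAMPLE_LOG = [
    "Oct 12 09:59:58 web01 sshd[3990]: Accepted publickey for alice from 10.0.0.5 port 50111 ssh2",
    "Oct 12 09:59:59 web01 sshd[3991]: Failed password for bob from 10.0.0.6 port 50112 ssh2",
] + simulated_attack() + [
    "Oct 12 10:00:20 web01 sudo:   bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Oct 12 10:00:21 web01 CRON[4100]: pam_unix(cron:session): session opened for user root by (uid=0)",
]

if __name__ == "__main__":
    # With a path argument, tail that file live; without one, replay the constructed sample.
    run(follow(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG)
```

Run it as `python3 example.py` to replay the sample, or `sudo python3 example.py /var/log/auth.log` to follow the live file. Two design choices worth noting: the detector keys failures by source IP rather than by username, because a spray against many accounts from one host is the common brute-force shape, and it raises one alert per burst instead of one per attempt, so a high-volume attack does not flood the alert channel.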
```bash
git clone https://github.com/Suvanwita/ThreatLens.git
cd ThreatLens
```
Run the system (root is needed because /var/log/auth.log is readable only by root and the `adm` group on Debian/Ubuntu):
```bash
sudo python3 main.py
```
Simulate attacks (in another terminal):
```bash
python3 attacker.py
```
- Python
- Linux Logs (/var/log/auth.log)
- Regex
- Shell Commands
Contributions are welcome! Feel free to fork this repo and submit a pull request.
This project is open-source and available under the MIT License.
Inspired by real-world SIEM systems used in cybersecurity operations.