Overview
A set of Python and Bash scripts designed to parse network/system logs, identify anomalies using statistical analysis, and classify security incidents by severity.
Features
- Log Parsing: log_parser.sh extracts key fields (IPs, Protocols, Payload Length) from raw log files.
- Anomaly Detection: anomaly_detector.py uses Z-score analysis to identify unusual traffic patterns.
- Severity Classification: Automatically labels incidents as LOW, MEDIUM, or HIGH based on deviation from baseline.
- Reporting: Generates CSV reports of detected incidents for further investigation.
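As an added example, not the project's own code, the following Python shows the pipeline the features above describe on constructed records: Z-scores against a baseline of normal payload lengths, LOW/MEDIUM/HIGH labels, and a CSV report. The baseline sample, the record shape, the 1.5/2.0/3.0 |z| cut-offs and the CSV column names are all assumptions, since the README does not state them.

```python
import csv
import io
import statistics

# Constructed data, not from the project: payload lengths from known-normal
# traffic (the baseline) and a new window of (src_ip, protocol, payload_len)
# records in the shape log_parser.sh is described as extracting.
BASELINE_LENGTHS = [500, 520, 480, 510, 490, 530, 470, 500]
NEW_RECORDS = [
    ("10.0.0.5", "TCP", 512), ("10.0.0.7", "UDP", 535), ("10.0.0.9", "TCP", 548),
    ("10.0.0.11", "TCP", 1480), ("10.0.0.5", "TCP", 455), ("10.0.0.7", "UDP", 495),
]

# Assumed |z| cut-offs; the project does not document its own thresholds.
SEVERITY_THRESHOLDS = (("HIGH", 3.0), ("MEDIUM", 2.0), ("LOW", 1.5))

def fit_baseline(lengths):
    """Mean and sample stdev of known-normal traffic. Fit on a separate
    baseline, not on the window being scored: with the outlier included in
    n records, |z| can never exceed sqrt(n-1), so one huge packet masks
    itself by inflating the stdev."""
    mean, stdev = statistics.fmean(lengths), statistics.stdev(lengths)
    if stdev == 0:
        raise ValueError("baseline has zero variance; z-scores undefined")
    return mean, stdev

def classify(z):
    """Map |z| to LOW/MEDIUM/HIGH, or None when inside the normal band."""
    return next((label for label, t in SEVERITY_THRESHOLDS if abs(z) >= t), None)

def detect_anomalies(records, baseline):
    """Return (src_ip, protocol, payload_len, z_score, severity) tuples for
    records whose payload length deviates from the baseline."""
    mean, stdev = fit_baseline(baseline)
    incidents = []
    for ip, proto, length in records:
        z = (length - mean) / stdev
        severity = classify(z)
        if severity is not None:
            incidents.append((ip, proto, length, round(z, 2), severity))
    return incidents

def to_csv(incidents):
    """Render incidents as the CSV report described in the Features list."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["src_ip", "protocol", "payload_len", "z_score", "severity"])
    writer.writerows(incidents)
    return buf.getvalue()
```

With the constructed data the 1480-byte packet scores z = 49.0 and is labelled HIGH, while 512 and 495 stay inside the normal band and produce no incident.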
Getting Started
Prerequisites
Usage
- Parse raw logs:
./log_parser.sh sample_network.log
- Run detection:
python anomaly_detector.py
Example Findings
Risks the scripts have identified include:
- Data exfiltration (unusually large packet sizes)
- Port scanning (high frequency of connection attempts)
- Unauthorized access attempts from unknown IPs