Graylog SIEM Project
This project focused on building a small Security Operations Centre lab using Graylog to simulate how security teams detect suspicious activity through centralised logging and alerting.

CHALLENGES
A key challenge during the setup was version compatibility between Graylog 4.3.15 and OpenSearch 1.3.x. This resulted in configuration errors that initially prevented Graylog from properly connecting to and communicating with the OpenSearch backend. Resolving this required troubleshooting service configurations, validating version support, and correcting integration settings before the stack could function correctly.

RESULTS
The completed lab successfully centralised system authentication logs using rsyslog, enabling real-time analysis within Graylog. Detection rules and streams were configured to identify specific security events: multiple failed SSH login attempts, successful logins after repeated failures, and unusual sudo privilege escalation activity. Email notifications were configured via SMTP and triggered correctly when these security events occurred, ensuring timely alerting. In addition, a dashboard was built to visualise authentication activity in real time, providing clear visibility into system events. Overall, the lab delivered a fully functional SIEM setup that supports log ingestion, event correlation, alerting, and visual monitoring, closely reflecting workflows used in a Security Operations Centre.
Project Repository: https://github.com/Enowon/soc-graylog-soc-lab.git
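The three alert conditions listed above, re-implemented as a small stand-alone detector run over constructed auth.log lines. This is an added illustration, not code from the linked repository and not Graylog's own rule engine; the failure threshold (5 in 5 minutes), the allow-list of expected sudo users, and the sample log lines are all assumptions made for the example.

```python
"""Toy re-implementation of the lab's three Graylog alert conditions,
run over constructed rsyslog-style auth.log lines (not Graylog code)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines. 203.0.113.7 and 192.0.2.10 are
# documentation addresses, not real hosts.
SAMPLE_LOG = """\
Mar  3 10:01:02 lab-host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:05 lab-host sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:01:09 lab-host sshd[1205]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:01:14 lab-host sshd[1207]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  3 10:01:20 lab-host sshd[1209]: Failed password for root from 203.0.113.7 port 51248 ssh2
Mar  3 10:01:31 lab-host sshd[1211]: Accepted password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:05:00 lab-host sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Mar  3 10:06:12 lab-host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:07:45 lab-host sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:08:01 lab-host sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# Patterns for the sshd and sudo message formats used in the sample above.
SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SSH_OK = re.compile(r"sshd\[\d+\]: Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+)")
SUDO = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<rest>.*)")

FAIL_THRESHOLD = 5                  # assumed: alert on the 5th failure from one source
WINDOW = timedelta(minutes=5)       # assumed: sliding window for counting failures
EXPECTED_SUDO_USERS = {"alice"}     # assumed allow-list of users who normally run sudo


def parse_ts(line):
    """Parse the syslog timestamp (no year; padded day such as 'Mar  3' is collapsed)."""
    return datetime.strptime(" ".join(line.split()[:3]), "%b %d %H:%M:%S")


def _prune(queue, now, window):
    """Drop failure timestamps that fall outside the sliding window."""
    while queue and now - queue[0] > window:
        queue.popleft()


def detect(lines, fail_threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (alert_name, subject) tuples, one per triggered condition."""
    alerts = []
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    already_alerted = set()         # ips already reported as brute force, to avoid repeats
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts = parse_ts(line)
        if m := SSH_FAIL.search(line):
            q = failures[m["ip"]]
            q.append(ts)
            _prune(q, ts, window)
            if len(q) >= fail_threshold and m["ip"] not in already_alerted:
                already_alerted.add(m["ip"])
                alerts.append(("ssh_multiple_failures", m["ip"]))
        elif m := SSH_OK.search(line):
            # Condition 2: a successful login from a source that just crossed the failure threshold.
            if m["ip"] in failures:
                _prune(failures[m["ip"]], ts, window)
                if len(failures[m["ip"]]) >= fail_threshold:
                    alerts.append(("ssh_success_after_failures", f'{m["user"]}@{m["ip"]}'))
        elif m := SUDO.search(line):
            # Condition 3: sudo from an unexpected account, or a rejected sudo attempt.
            if "NOT in sudoers" in m["rest"] or m["user"] not in EXPECTED_SUDO_USERS:
                alerts.append(("unusual_sudo", m["user"]))
    return alerts


if __name__ == "__main__":
    for name, subject in detect(SAMPLE_LOG.splitlines()):
        print(f"ALERT {name}: {subject}")
```

In Graylog the same logic lives in a stream rule (match `sshd` failures), an event definition with an aggregation count per source over a time window, and an SMTP notification; the script makes the correlation explicit so the thresholds can be reasoned about before they are entered into the UI.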
CONTACT
Reach out to discuss entry-level SOC roles, internships, or cybersecurity collaborations.
ceceenowon@gmail.com
+44 7823 742289
www.linkedin.com/in/faith-okonoboh
OKONOBOH
