PythonSIEMThreat DetectionLog AnalysisSOCMySQL

Detection Rules
HIGH
SSH Brute Force
5+ failed SSH login attempts from the same IP within a configurable time window.
MED
Web Scanner / 404 Flood
20+ HTTP 404 responses to the same IP, indicative of automated directory enumeration.
HIGH
Port Scan Detected
Same IP hitting 10+ unique destination ports in firewall logs.
CRIT
IOC Database Match
Source IP matches an active entry in the local IOC database. Fires automatically during ingestion.

Toolchain
Log files
|
siem.py ingest # parse logs, run rules, fire alerts
|
+-- checks ioc_db.py # cross-reference every IP seen
|
MySQL alerts # persistent alert storage
|
siem.py dashboard # terminal overview