Post by Khawaja Bilal Ahmed

CS 28 @UET Lahore

Thrilled to share our Information Security final project, LARA (Log Aggregation and Risk Analysis), a SIEM solution built to centralize log analysis and strengthen cybersecurity through intelligent threat detection.

A SIEM (Security Information & Event Management) is a centralized security platform that gathers logs from different sources, analyzes them using predefined rules and behavioral patterns, detects potential threats, and presents the findings through dashboards and alerts. Modern systems generate massive volumes of security logs, making threat detection challenging. To address this, we developed a solution that collects, normalizes, aggregates, correlates, and reports security events through an efficient detection pipeline.

Huge thanks to my teammates Muhammad Umair | Muhammad Ihtisham | Affan Asim | Rustgaar Ahmad for their collaboration and dedication throughout this project.

📥 Current Log Sources
Our system currently collects and processes logs from City Bank and SSH (Secure Shell), with a scalable architecture that supports the integration of additional log sources in the future.
🏦 City Bank: A web-based banking application that enables users to securely manage accounts, perform transactions, and generate security logs for analysis.
💻 SSH (Secure Shell): A secure network protocol that provides encrypted remote access and file transfer while generating authentication and session logs for security monitoring.

🔐 Project Workflow
🔷 WatchDog
▪️ Collects logs from multiple sources.
▪️ Normalizes them into a standard format.
▪️ Sends log batches to LARA.
🔷 LARA
▪️ Receives log batches.
▪️ Aggregates and correlates security events.
▪️ Detects cyber threats.
▪️ Displays alerts on an interactive dashboard.

The Four SIEM Pillars
🔷 Normalization: Standardizes logs from different sources into a unified format.
🔷 Aggregation: Groups related events to reduce noise and improve efficiency.
🔷 Correlation: Identifies attack patterns using security rules and behavioral analysis.
🔷 Reporting: Presents prioritized alerts on an interactive dashboard for effective monitoring.

Threats Detected
🔒 Brute Force Attacks
👤 Account Takeover
💉 SQL Injection
💳 Transaction Flooding
🔑 Credential Stuffing

🛠️ Technologies Used
🔹 FastAPI
🔹 React
🔹 Watchdog Library
🔹 SQLite
🔹 SQLAlchemy
🔹 Streamlit

This project provided us with valuable hands-on experience in SIEM architecture, log management, event correlation, and cybersecurity threat detection.

A sincere thanks to our instructor Kamran Mustafa for the continuous guidance, insightful feedback, and unwavering support throughout this project. Your mentorship and encouragement were instrumental in helping us successfully bring this project to life.

GitHub Repo: https://lnkd.in/dA9kmg-3

#CyberSecurity #InformationSecurity #SIEM #ThreatDetection #LogManagement
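To make the four pillars concrete, here is a small added Python example (written for this page, not code from the LARA repository) that runs the same stages over constructed sample lines: it normalizes sshd auth-log lines and a made-up City Bank log format into one event schema, aggregates failed logins per source address, and applies two correlation rules, a brute-force threshold inside a sliding window and a "success right after a brute-force run" rule for the account-takeover case. The bank log format, field names, thresholds and all addresses and usernames are assumptions chosen for the illustration.

```python
"""Added SIEM pipeline illustration: normalize -> aggregate -> correlate.
Not LARA's own code; schema, thresholds and log formats are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample lines (not real logs): five SSH failures then a success
# from one address, plus two bank-app failures that stay below the threshold.
SAMPLE_LINES = [
    "Jan 12 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Jan 12 10:00:09 host1 sshd[1202]: Failed password for root from 203.0.113.7 port 51235 ssh2",
    "Jan 12 10:00:17 host1 sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51236 ssh2",
    "Jan 12 10:00:25 host1 sshd[1204]: Failed password for bob from 203.0.113.7 port 51237 ssh2",
    "Jan 12 10:00:33 host1 sshd[1205]: Failed password for bob from 203.0.113.7 port 51238 ssh2",
    "Jan 12 10:00:41 host1 sshd[1206]: Accepted password for bob from 203.0.113.7 port 51239 ssh2",
    "Jan 12 10:01:00 host1 sshd[1207]: pam_unix(sshd:session): session opened for user bob",
    "2024-01-12T10:05:00 citybank event=login_failure user=alice ip=198.51.100.9",
    "2024-01-12T10:05:30 citybank event=login_failure user=alice ip=198.51.100.9",
    "2024-01-12T10:06:00 citybank event=login_success user=alice ip=198.51.100.9",
]

SSH_AUTH = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
# Assumed key=value format for the bank application's auth log.
BANK_AUTH = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) citybank event=(?P<event>login_\w+) "
    r"user=(?P<user>\S+) ip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


@dataclass(frozen=True)
class Event:
    """Unified schema every source is normalized into."""
    ts: datetime
    source: str   # "ssh" or "citybank"
    action: str   # "login_failure" or "login_success"
    user: str
    ip: str


def normalize(line: str, year: int = 2024) -> Optional[Event]:
    """Normalization: map one raw line onto the schema; unknown lines are dropped."""
    m = SSH_AUTH.match(line)
    if m:  # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        action = "login_failure" if m["result"] == "Failed" else "login_success"
        return Event(ts, "ssh", action, m["user"], m["ip"])
    m = BANK_AUTH.match(line)
    if m:
        return Event(datetime.fromisoformat(m["ts"]), "citybank", m["event"], m["user"], m["ip"])
    return None


def aggregate_failures(events):
    """Aggregation: bucket failed logins by (source, ip), each bucket sorted by time."""
    buckets = defaultdict(list)
    for e in events:
        if e.action == "login_failure":
            buckets[(e.source, e.ip)].append(e)
    for group in buckets.values():
        group.sort(key=lambda e: e.ts)
    return buckets


def detect_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation rule 1: at least `threshold` failures from one IP inside `window`."""
    alerts = []
    for (source, ip), group in aggregate_failures(events).items():
        start = 0
        for end in range(len(group)):            # sliding window over sorted failures
            while group[end].ts - group[start].ts > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"rule": "brute_force", "source": source, "ip": ip,
                               "first": group[start].ts, "last": group[end].ts,
                               "failures": end - start + 1,
                               "users": sorted({e.user for e in group[start:end + 1]})})
                break                            # one alert per bucket is enough
    return alerts


def detect_account_takeover(events, brute_alerts, grace=timedelta(minutes=5)):
    """Correlation rule 2: a successful login from an IP shortly after its brute-force run."""
    alerts = []
    for a in brute_alerts:
        for e in events:
            if (e.action == "login_success" and e.source == a["source"] and e.ip == a["ip"]
                    and a["last"] <= e.ts <= a["last"] + grace):
                alerts.append({"rule": "account_takeover", "source": e.source, "ip": e.ip,
                               "user": e.user, "ts": e.ts, "preceding_failures": a["failures"]})
    return alerts


def run_pipeline(lines):
    """Whole pipeline; returns (normalized events, brute-force alerts, takeover alerts)."""
    events = [e for e in map(normalize, lines) if e is not None]
    brute = detect_brute_force(events)
    return events, brute, detect_account_takeover(events, brute)


if __name__ == "__main__":
    events, brute, ato = run_pipeline(SAMPLE_LINES)
    print(f"{len(events)} events normalized, {len(brute)} brute-force alerts, {len(ato)} takeover alerts")
    for alert in brute + ato:   # the reporting stage would feed these to a dashboard
        print(alert)
```

The two City Bank failures never reach the threshold, so the only alerts come from the SSH bucket, and the takeover rule fires only because a success follows the brute-force run from the same address; a success from an address with no prior alert is left alone, which is what keeps a rule like this from drowning the dashboard in noise.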
