vipulsharma00/automated_log_analyzer
# Automated SOC Log Analyzer
## Overview
A production-ready Python tool designed for Security Operations Center (SOC) environments. This script automatically ingests server authentication logs, uses Regular Expressions to detect Indicators of Compromise (IOCs), and flags Brute-Force attacks in real-time. It features a modular architecture, memory-safe data streaming, and automated CSV forensic reporting.
## Features
- **Regex-based Parsing:** Accurately extracts Usernames and IP addresses from unstructured Linux `auth.log` files.
- **Stateful Analysis:** Tracks IP failure counts and applies dynamic thresholds to detect brute-force attacks while mitigating "Alert Fatigue."
- **Memory-Safe:** Uses Python Generators (`yield`) to process massive log files (10GB+) sequentially, holding one line in memory at a time instead of loading the whole file, so RAM use stays near zero regardless of file size.
- **Forensic Reporting:** Automatically exports actionable CSV reports containing malicious IPs, suitable for SIEM ingestion or firewall blocking.
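The pipeline the features above describe (generator-based streaming, regex extraction of username and IP, per-IP failure counting against a threshold, CSV export) is illustrated below. This is an added example written for this page, not the project's `src/main.py`; the regex, the function names, the sample log lines and the fixed threshold of 3 are all assumptions made here. The sample lines follow the OpenSSH `Failed password for ...` format and are constructed, not captured from a real host.

```python
import csv
import io
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Tuple

# Constructed sample auth.log content (OpenSSH-style); RFC 5737 test addresses.
SAMPLE_AUTH_LOG = """\
Jan 10 10:01:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 10:01:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 10:01:05 host sshd[1201]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 10:02:10 host sshd[1310]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Jan 10 10:03:00 host sshd[1355]: Failed password for bob from 198.51.100.7 port 40100 ssh2
Jan 10 10:03:30 host CRON[1400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Assumed pattern: matches OpenSSH failed-login lines; "invalid user " is optional.
FAILED_LOGIN_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def stream_lines(lines: Iterable[str]) -> Iterator[str]:
    """Generator: yield one stripped, non-empty line at a time (constant memory)."""
    for line in lines:
        line = line.rstrip("\n")
        if line:
            yield line


def parse_failed_logins(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (user, ip) for every failed-login line; other lines are skipped."""
    for line in stream_lines(lines):
        m = FAILED_LOGIN_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def count_failures(events: Iterable[Tuple[str, str]]) -> Dict[str, int]:
    """Stateful step: accumulate failed attempts per source IP."""
    counts: Dict[str, int] = defaultdict(int)
    for _user, ip in events:
        counts[ip] += 1
    return dict(counts)


def flag_brute_force(counts: Dict[str, int], threshold: int = 3) -> List[str]:
    """Return IPs whose failure count reached the threshold, sorted for stable output."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def report_csv(counts: Dict[str, int], flagged: List[str]) -> str:
    """Render the flagged IPs as a CSV document (header + one row per IP)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["ip", "failed_attempts"])
    for ip in flagged:
        writer.writerow([ip, counts[ip]])
    return buf.getvalue()


def analyze(lines: Iterable[str], threshold: int = 3) -> Tuple[Dict[str, int], List[str]]:
    """Run the full pipeline over any iterable of log lines (file object or list)."""
    counts = count_failures(parse_failed_logins(lines))
    return counts, flag_brute_force(counts, threshold)


if __name__ == "__main__":
    # A real run would pass an open file object here; the sample is used for the demo.
    counts, flagged = analyze(SAMPLE_AUTH_LOG.splitlines())
    print(report_csv(counts, flagged))
```

Because `analyze` accepts any iterable of strings, passing an open file handle streams it line by line without reading it fully. The threshold here is a fixed parameter; a single shared egress IP (NAT, VPN) can legitimately accumulate many failures, which is why a threshold needs tuning per environment before the CSV is fed to a firewall.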
## Tech Stack
- **Python 3.x**
- **Libraries:** `re` (Regex), `csv`, `argparse`, `logging`, `collections.defaultdict`
- **Architecture:** Modular, Object-Oriented, Command-Line Interface (CLI)
## Usage
Run the tool via the command line, providing the path to your log file.
You can optionally define the brute-force threshold.
```bash
# Basic usage
python src/main.py sample_logs/auth.log

# Custom threshold (alert on 10 failures)
python src/main.py sample_logs/auth.log --threshold 10
```