Endi47/Cybersecurity-Monitoring-Project
# Cybersecurity-Monitoring-Project
Cybersecurity project focused on Windows security monitoring, Sysmon logging, incident detection and automated response in a virtual lab environment. The project includes Active Directory, PowerShell automation, threat detection techniques, and security event analysis to simulate real-world Blue Team operations.
# Cybersecurity Monitoring & Incident Response Project
## Overview
This project focuses on cybersecurity monitoring, incident detection, and automated response within a Windows-based lab environment. The purpose of the project is to simulate realistic security events, improve visibility into network activity, and strengthen defensive security measures using monitoring tools and log analysis.
The environment was built using virtual machines and includes domain services, client systems, Sysmon logging, and automated incident response techniques.
## Features
* Sysmon configuration and event monitoring
* Detection of suspicious processes and persistence techniques
* Registry change monitoring
* Automated response to malicious activity
* Windows Event Log analysis
* Network segmentation concepts
* Security documentation and incident handling
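The following PowerShell script is an added example, not code from the Endi47 repository. It ties together several of the features listed above: it reads the Sysmon Operational log, flags registry writes under autostart keys (persistence) and suspicious process creations, and optionally terminates the process behind a flagged event as an automated response. It assumes Sysmon is installed with process-creation (Event ID 1) and registry value-set (Event ID 13) logging enabled and that the shell runs elevated, since the Sysmon log is readable only by administrators. The detection patterns are illustrative choices, not rules taken from the project.

```powershell
<#
  Added example, not code from the Endi47 repository.
  Assumes: Sysmon installed with Event ID 1 and 13 logging enabled, elevated
  PowerShell session. Detection patterns below are illustrative, not the project's.
#>

function ConvertFrom-SysmonEvent {
    # Flatten one Sysmon event record into a hashtable keyed by EventData field name
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $fields = @{ Id = $Event.Id; TimeCreated = $Event.TimeCreated }
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    return $fields
}

function Get-SysmonAlert {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$LookbackMinutes = 60,
        [switch]$Respond   # terminate the process behind each flagged event
    )
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 1, 13
        StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
    }
    # Get-WinEvent raises an error rather than returning nothing when no event matches
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        $f = ConvertFrom-SysmonEvent -Event $e
        $reason = $null

        if ($f.Id -eq 13) {
            # Registry value written under an autostart key: classic persistence location
            if ($f.TargetObject -match '\\CurrentVersion\\(Run|RunOnce)\\') {
                $reason = 'Autostart registry key modified'
            }
            $detail = "$($f.TargetObject) = $($f.Details)"
        }
        else {
            # -match is case-insensitive by default, so mixed-case image paths still match
            $officeParent = $f.ParentImage -match '\\(WINWORD|EXCEL|POWERPNT|OUTLOOK)\.EXE$'
            $scriptChild  = $f.Image -match '\\(powershell|pwsh|cmd|wscript|cscript|mshta)\.exe$'
            if ($officeParent -and $scriptChild) {
                $reason = 'Office application spawned a script host'
            }
            elseif ($f.CommandLine -match '\s-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}') {
                $reason = 'Encoded PowerShell command line'
            }
            $detail = $f.CommandLine
        }
        if (-not $reason) { continue }

        $alert = [pscustomobject]@{
            Time      = $f.TimeCreated
            EventId   = $f.Id
            Reason    = $reason
            Image     = $f.Image
            ProcessId = [int]$f.ProcessId
            Detail    = $detail
            Action    = 'Logged'
        }

        # Automated response: stop the offending process. PIDs can be reused, so a
        # production version should confirm the ProcessGuid before acting.
        if ($Respond -and $alert.ProcessId -gt 0 -and
            $PSCmdlet.ShouldProcess("PID $($alert.ProcessId) ($($alert.Image))", 'Stop-Process')) {
            Stop-Process -Id $alert.ProcessId -Force -ErrorAction SilentlyContinue
            $alert.Action = 'Process terminated'
        }
        $alert
    }
}

# Detection-only sweep of the last two hours, then a dry run of the response path
Get-SysmonAlert -LookbackMinutes 120 | Format-Table -AutoSize
Get-SysmonAlert -Respond -WhatIf
```

Because the function declares `SupportsShouldProcess`, `-WhatIf` prints which processes would be stopped without touching them, which is the safe way to validate the response logic in the lab before enabling `-Respond` for real. Event ID 13 records the process that wrote the registry value, so the same response path covers persistence attempts as well as suspicious process launches.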
## Technologies Used
* Windows Server
* Windows 11
* Sysmon
* PowerShell
* VirtualBox / Hyper-V
* Active Directory
* Event Viewer
## Project Goals
The main goal of this project was to gain hands-on experience in:
* Security monitoring
* Threat detection
* Incident response
* Log analysis
* Defensive cybersecurity operations
## Lab Environment
The lab environment consists of:
* Domain Controller
* Windows Client
* Monitoring configuration
* Security logging setup
* Simulated attack scenarios
## Learning Outcomes
Through this project, we improved our understanding of:
* Blue Team operations
* Windows security monitoring
* Persistence detection
* SIEM-related concepts
* Security automation
## Disclaimer
This project was created for educational and learning purposes only.