Description
This project enhances SIEM monitoring by detecting abnormal log volumes from connected devices, which can indicate disconnections or network issues. Key aspects included:
- Developing a Python application that regularly queries the SIEM for log counts per device.
- Maintaining moving averages and standard deviations per device to establish baselines.
- Detecting deviations that signal anomalies and triggering real-time alerts.
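The baseline-and-deviation logic described in the three points above, written out as an added Python example (not the project's own code): each device keeps a running mean and standard deviation of its per-poll log count (Welford's method), a poll is scored by z-score once a warm-up period has passed, and a device that disappears from the SIEM result set is scored as zero logs rather than skipped. The SIEM query itself is out of scope here, so the poll results are a constructed in-memory sample; the device names, thresholds and alert format are assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class DeviceBaseline:
    """Running mean/variance of per-poll log counts for one device (Welford's method)."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0  # sum of squared deviations from the running mean

    def update(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    @property
    def stddev(self) -> float:
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0

def check_device(baselines, device, count, min_samples=5, z_threshold=3.0, min_sigma=1.0):
    """Score one poll for one device; return an alert dict or None. Anomalous polls are
    not folded into the baseline, so an outage does not drag the mean down and hide itself."""
    b = baselines.setdefault(device, DeviceBaseline())
    if b.n < min_samples:             # warm-up: learn the device before judging it
        b.update(count)
        return None
    sigma = max(b.stddev, min_sigma)  # floor: a perfectly flat baseline must not alert on +/-1
    z = (count - b.mean) / sigma
    if abs(z) >= z_threshold:
        kind = "drop" if z < 0 else "spike"
        return {"device": device, "kind": kind, "count": count, "mean": round(b.mean, 1), "z": round(z, 1)}
    b.update(count)
    return None

def run(polls, **kw):
    """polls: one {device: count} dict per SIEM query. Returns alerts in detection order."""
    baselines, alerts = {}, []
    for poll in polls:
        # a device with a baseline but no rows in this poll sent zero logs: that is the
        # disconnection case, so it must be scored rather than silently skipped
        for device in sorted(set(baselines) | set(poll)):
            alert = check_device(baselines, device, poll.get(device, 0), **kw)
            if alert:
                alerts.append(alert)
    return alerts

POLLS = [  # constructed sample: log counts per device for seven consecutive polls
    {"fw01": 100, "sw02": 50}, {"fw01": 104, "sw02": 52}, {"fw01": 98, "sw02": 48},
    {"fw01": 102, "sw02": 51}, {"fw01": 101, "sw02": 49},
    {"fw01": 99, "sw02": 500},  # sw02 floods (log storm); fw01 still normal
    {"sw02": 50},               # fw01 absent from the result set: silent since last poll
]
```

Running `run(POLLS)` yields two alerts: a spike for sw02 on the sixth poll and a drop (count 0) for fw01 on the seventh.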
The solution enabled proactive incident detection, reducing downtime by identifying operational issues early.
Technology used
- SIEM
- Python