Description
This is a SIEM supervision project that detects abnormal log volumes (drops or peaks) from the devices connected to the SIEM.
I developed a Python program that queries the SIEM at regular intervals to get the number of logs received per device. For each device it keeps a moving average and a standard deviation of the log count it usually produces. With these figures, the program can detect abnormal log volumes, which may indicate a device disconnection, an overload, a network problem or some other fault.
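As an added illustration of the approach described above (this is not the project's own code), here is a minimal per-device detector: it keeps a sliding window of recent poll results per device, derives the moving mean and standard deviation from it, and flags a new count whose z-score is beyond a threshold. The window size, minimum sample count, z-score threshold and the floor applied to sigma are assumptions, and constructed poll results stand in for the real SIEM queries.

```python
from collections import defaultdict, deque
from math import sqrt

WINDOW = 24        # polling intervals of history kept per device (assumed)
MIN_SAMPLES = 6    # history needed before a verdict is given (assumed)
Z_THRESHOLD = 3.0  # |z-score| above this is abnormal (assumed)


class LogVolumeMonitor:
    """Moving mean and standard deviation of per-device log counts, one window per device."""
    def __init__(self, window=WINDOW, min_samples=MIN_SAMPLES, z_threshold=Z_THRESHOLD):
        self.min_samples = min_samples
        self.z_threshold = z_threshold
        self.history = defaultdict(lambda: deque(maxlen=window))

    def check(self, device, count):
        """Classify one poll result as 'learning', 'ok', 'drop' or 'peak'; returns (verdict, z).
        Abnormal samples stay out of the baseline so a silent device keeps alerting
        instead of teaching the monitor that zero is its normal volume."""
        hist = self.history[device]
        if len(hist) < self.min_samples:
            hist.append(count)
            return "learning", 0.0
        mean = sum(hist) / len(hist)
        std = sqrt(sum((x - mean) ** 2 for x in hist) / len(hist))
        std = max(std, 0.05 * mean, 1.0)  # floor sigma so a very steady source ignores jitter
        z = (count - mean) / std
        if z > self.z_threshold:
            return "peak", z
        if z < -self.z_threshold:
            return "drop", z
        hist.append(count)
        return "ok", z


def simulate(samples, monitor=None):
    """Feed (device, count) poll results in order and return the alerts raised."""
    monitor = monitor or LogVolumeMonitor()
    alerts = []
    for device, count in samples:
        verdict, z = monitor.check(device, count)
        if verdict in ("drop", "peak"):
            alerts.append((device, count, verdict, round(z, 1)))
    return alerts


# Constructed poll results: fw-01 goes silent for one interval, proxy-02 bursts.
SAMPLE_POLLS = [("fw-01", c) for c in (1000, 1020, 980, 1010, 990, 1000, 0, 1005)] + \
               [("proxy-02", c) for c in (500, 510, 490, 500, 505, 495, 5000)]

if __name__ == "__main__":
    for dev, cnt, verdict, z in simulate(SAMPLE_POLLS):
        print(f"ALERT {dev}: {verdict} count={cnt} z={z}")
```

In a real deployment the poll loop would replace `SAMPLE_POLLS` with the per-device counts returned by the SIEM's query interface at each interval.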
Technology used
- SIEM
- Python