A beginner-friendly SOC Analyst / Blue Team project that analyzes Windows Security Event Logs and detects suspicious activity.
- Windows Event Log analysis
- Failed login detection
- Account lockout investigation
- Privilege escalation monitoring
- Event ID analysis
- Threat hunting
- Incident response documentation
- Python scripting
windows_event_log_analyzer.py- Main Python scriptsample_logs/security_events.csv- Sample Windows Security logsreports/event_log_report.txt- Report created after running the toolrequirements.txt- Python requirements
- 4625 → Failed logon
- 4624 → Successful logon
- 4720 → User account created
- 4728 → User added to privileged group
- 4740 → Account locked out
python windows_event_log_analyzer.py sample_logs/security_events.csvSOC Analysts investigate Windows event logs daily to detect brute-force attacks, unauthorized access, account lockouts, and suspicious administrative activity. This project demonstrates real-world SOC monitoring concepts.