Intermediate Free

SSH Log Analysis using Splunk

A Hands-On Lab to Detect Brute Force Attacks, Failed Logins, and Suspicious SSH Activity Using Splunk SIEM

Self-Paced by Rajneesh Gupta

Overview

This project walks you through analyzing SSH authentication logs in Splunk to detect brute force attacks, suspicious login activity, and failed authentication patterns. You’ll first learn the purpose of SSH log monitoring, then ingest sample logs into Splunk, and finally create searches, dashboards, and alerts to simulate a SOC workflow.

  • Centralized SSH log analysis with Splunk
  • Detection of failed logins & brute force attempts
  • Correlation of successful logins after failures (possible compromise)
  • Visualization of SSH activity by source & destination
  • Alerting on high-risk behavior (multiple failed attempts, unauthenticated sessions)
  • Hands-on lab using the provided ssh_log.json dataset

Project Diagram

What You'll Learn

  • Log Ingestion & Field Extraction

    Learn how to ingest JSON-formatted SSH logs into Splunk and extract key fields like event_type, auth_success, auth_attempts, and IP addresses.

  • Threat Detection Queries

    Build Splunk searches to identify failed logins, multiple failed authentication attempts, and unusual successful logins.

  • Visualization & Dashboards

    Create bar charts, timecharts, and dashboards to track SSH login activity and suspicious behavior.

  • Alerting & SOC Workflow

    Configure Splunk alerts to notify on brute force or suspicious SSH connections, simulating real-world SOC analyst tasks.

Lab Environment

Experience hands-on learning with our carefully designed lab environment that mirrors real-world scenarios.

  • Real-world tools and interfaces
  • Step-by-step guided instructions
  • Interactive lab environment
  • Hands-on practice with live systems
Lab Environment Preview

About Trainer

Rajneesh Gupta

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

LinkedIn YouTube GitHub

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Apache Server Log Analysis using Splunk

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Wazuh + n8n + Anyrun: Automated Malware Analysis

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.

Apache Web Server Log Monitoring using Wazuh
Pro Beginner

Apache Web Server Log Monitoring using Wazuh

Real-time detection of HTTP errors, brute-force and suspicious requests from Apache logs