Intermediate Pro

Apache Server Log Analysis using Splunk

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Self-Paced by Rajneesh Gupta

Overview

Project Overview: Apache Server Log Analysis using Splunk

This project guides you through analyzing Apache web server logs in Splunk to detect brute force attempts, SQL injection patterns, suspicious scanning activity, and XSS attacks. Using a realistic Apache access.log dataset, you’ll learn how to ingest, query, and visualize web logs in Splunk, simulating how a SOC analyst investigates potential web-based intrusions.

  • Analyze Apache access logs from legitimate users, crawlers, bots, and attackers
  • Detect brute force, SQLi, LFI, and XSS in web server logs
  • Spot reconnaissance and scanning attempts targeting admin paths
  • Correlate status codes and User-Agents to distinguish normal vs. malicious traffic
  • Hands-on lab using the provided apache_mixed_access.jsonl dataset

What You'll Learn

  • Log Ingestion & Parsing

    How to upload Apache access logs (JSON) into Splunk and extract meaningful fields.

  • Threat Detection Queries

    Build SPL searches to identify brute force attempts, SQL injection, XSS payloads, and reconnaissance.

  • Visualization & Alerting

    Create dashboards for top attackers, error trends, and suspicious URIs.

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.

Apache Web Server Log Monitoring using Wazuh
Pro Beginner

Real-time detection of HTTP errors, brute-force and suspicious requests from Apache logs

Deploying Splunk Universal Forwarder on Windows Machine
Pro Intermediate

Collecting and Forwarding Logs from Windows to Splunk Indexer