Skip to content

buganalyst/intelligent-log-analytics-engine

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Intelligent Log Analytics and Threat Detection Engine

Overview

The Intelligent Log Analytics and Threat Detection Engine is a Java-based cybersecurity monitoring platform designed to collect, process, analyze, and visualize application logs in real time.

The system simulates the core functionality of enterprise SIEM (Security Information and Event Management) solutions by continuously monitoring user activities, processing application logs, identifying suspicious behavior, generating alerts, and presenting security insights through an interactive dashboard.

Built using Spring Boot, Log4j2, JPA, Hibernate, H2 database, and modern web technologies, the platform demonstrates practical implementation of cybersecurity monitoring, threat intelligence, log analytics, and security operations concepts.

Problem Statement

Modern web applications generate thousands of log events every day.

Without centralized monitoring:

  • Security incidents remain unnoticed
  • Suspicious activities go undetected
  • Threat investigations become difficult
  • Compliance visibility decreases
  • Incident response becomes slower

Organizations require systems capable of:

  • Real-time log monitoring
  • Security event detection
  • Threat alert generation
  • Log visualization
  • Activity tracking
  • Security analytics

This project addresses these challenges through automated log analysis and rule-based threat detection.

SIEM Inspired Architecture

The project replicates key functionalities commonly found in enterprise SIEM platforms such as:

  • Splunk
  • ELK Stack
  • Wazuh
  • Graylog
  • Microsoft Sentinel

The implementation provides an educational security monitoring environment while maintaining practical cybersecurity workflows.

Real-World Applications

Security Operations Center (SOC)

  • Security monitoring
  • Incident investigation
  • Threat hunting

Enterprise Security

  • Web application monitoring
  • Security auditing
  • User activity tracking

Financial Systems

  • Fraud monitoring
  • Authentication monitoring
  • Login activity analysis

Government Infrastructure

  • Security event monitoring
  • Compliance logging

Cloud Platforms

  • API monitoring
  • Access tracking
  • Security visibility

Educational Cyber Labs

  • Blue Team training
  • Security analytics learning
  • SIEM fundamentals

Key Features

Real-Time Log Collection

Continuously monitors application-generated logs using Log4j2 and scheduled services.

Log Parsing Engine

Extracts structured information including:

  • Timestamp
  • IP Address
  • Request URL
  • HTTP Method
  • Status Code
  • Severity Level

Threat Detection Engine

Detects:

  • Brute-force login attempts
  • SQL Injection indicators
  • Suspicious URL patterns
  • Repeated failed requests
  • High-frequency abnormal traffic
  • Unauthorized access behavior

Alert Management

Generates security alerts whenever suspicious activity crosses predefined thresholds.

Dashboard Analytics

Provides:

  • Real-time log visualization
  • Security alert monitoring
  • Threat statistics
  • Request analytics
  • Activity monitoring
  • Security metrics

Database Integration

Stores:

  • Logs
  • Alerts
  • Threat events
  • Monitoring statistics
  • Historical activity records

Analyst Dashboard

Security analysts can observe:

  • User activity
  • Failed login attempts
  • Request patterns
  • Threat alerts
  • Security trends

through a centralized dashboard.

Impact and Benefits

Area Estimated Improvement
Threat Detection Speed Up to 65%
Security Visibility Up to 70%
Incident Response Efficiency Up to 55%
Log Investigation Time Up to 60%
Security Monitoring Automation Up to 75%
Detection of Suspicious Activities Up to 50%
Operational Security Awareness Up to 45%

Note: Results vary depending on workload, deployment architecture, threat volume, and monitoring configuration.

System Architecture

How the System Works

Step 1

Users interact with the web application.

Step 2

Application activities are logged through Log4j2.

Step 3

The Log Collection Service continuously monitors log files.

Step 4

The Parsing Engine extracts:

  • IP address
  • Request information
  • Status codes
  • Timestamps

Step 5

The Threat Detection Engine evaluates logs using rule-based security analysis.

Step 6

Threat indicators are identified.

Step 7

Alerts are generated.

Step 8

Logs and alerts are stored in the database.

Step 9

The Dashboard visualizes logs, threats, and analytics in real time.

Project Structure

├── images
|   ├── dashboard.png                               # Project dashboard image
|   ├── hld.png                                     # System Design
├── src/main/java/com/loganalytics/
│   ├── LogAnalyticsApplication.java                # Spring Boot entry point
│   ├── model/
│   │   ├── LogEntry.java                           # Log record entity
│   │   ├── ThreatAlert.java                        # Threat alert entity
│   │   └── AppUser.java                            # User entity
│   ├── repository/
│   │   ├── LogEntryRepository.java                 # JPA repo for logs
│   │   ├── ThreatAlertRepository.java              # JPA repo for alerts
│   │   └── AppUserRepository.java                  # JPA repo for users
│   ├── service/
│   │   ├── LogService.java                         # Log CRUD + analytics
│   │   ├── ThreatAlertService.java                 # Alert management
│   │   └── UserService.java                        # User auth logic
│   ├── engine/
│   │   └── ThreatDetectionEngine.java              # Core detection rules
│   ├── controller/
│   │   ├── AuthController.java                     # Login/Register/Logout API
│   │   ├── ActivityController.java                 # User activity + attack sim
│   │   ├── DashboardController.java                # Admin dashboard API
│   │   └── PageController.java                     # HTML page routing
│   ├── dto/
│   │   ├── LoginRequest.java
│   │   ├── RegisterRequest.java
│   │   └── ApiResponse.java
│   └── config/
│       ├── SecurityConfig.java                     # Spring Security config
│       └── DataInitializer.java                    # Seed demo users
├── src/main/resources/
│   ├── application.properties                      # App configuration
│   ├── templates/                                  # Thymeleaf HTML pages
│   │   ├── index.html                              # Landing page
│   │   ├── login.html                              # Login page
│   │   ├── register.html                           # Registration page
│   │   ├── user-dashboard.html                     # User activity panel
│   │   └── admin-dashboard.html                    # Admin log viewer
│   └── static/
│       ├── css/main.css                            # Global styles
│       ├── css/admin.css                           # Admin dashboard styles
│       ├── js/user-dashboard.js                    # User panel logic
│       └── js/admin-dashboard.js                   # Admin panel logic
├── LICENSE                                         # Project License
├── README.md                                       # Readme file
├── pom.xml                                         # Maven dependencies

Threat Detection Rules

Brute Force Detection

Multiple failed login attempts from the same source.

SQL Injection Detection

Detection of suspicious payloads such as:

' OR 1=1 --
UNION SELECT
DROP TABLE

Suspicious URL Detection

Monitoring abnormal endpoint access patterns.

High Frequency Requests

Detects excessive request generation within short intervals.

Failed Access Detection

Tracks repeated unauthorized access attempts.

Technologies Used

Backend

  • Java
  • Spring Boot
  • Spring MVC

Logging

  • Log4j2

Database

  • H2
  • Spring Data JPA
  • Hibernate ORM

Frontend

  • Thymeleaf
  • HTML
  • CSS
  • Bootstrap
  • JavaScript

Security Analytics

  • Regex-Based Parsing
  • Rule-Based Threat Detection

Monitoring

  • Scheduled Services
  • Real-Time Log Processing

Deployment Guide

Clone Repository

git clone https://github.com/yourusername/intelligent-log-analytics-engine.git

cd intelligent-log-analytics-engine

Configure Database

Create MySQL database:

CREATE DATABASE loganalytics;

Update Application Properties

spring.datasource.url=jdbc:mysql://localhost:3306/loganalytics
spring.datasource.username=root
spring.datasource.password=password

Run Application

mvn spring-boot:run

or

java -jar target/loganalytics.jar

Dashboard Capabilities

The dashboard provides:

  • Live log stream
  • Threat alerts
  • Request analytics
  • Alert statistics
  • Threat distribution
  • Login activity tracking
  • Security event history
  • Real-time monitoring metrics

Future Enhancements

  • AI-Powered Threat Detection
  • Machine Learning Anomaly Detection
  • MITRE ATT&CK Mapping
  • Threat Intelligence Integration
  • Geo-IP Analysis
  • Email Alerting
  • Kafka-Based Log Streaming
  • Docker Deployment
  • Elasticsearch Integration
  • Multi-Node Log Collection
  • SOC Case Management

Learning Outcomes

This project provides practical experience in:

  • Cybersecurity Monitoring
  • Blue Team Operations
  • SIEM Fundamentals
  • Spring Boot Development
  • Log Analytics
  • Threat Detection
  • Security Engineering
  • Security Operations Center (SOC)
  • Incident Monitoring
  • Database Management

Conclusion

The Intelligent Log Analytics and Threat Detection Engine demonstrates how modern cybersecurity monitoring systems collect, analyze, and visualize security events in real time. By combining structured logging, rule-based threat detection, dashboard analytics, and database-backed monitoring, the platform delivers a practical SIEM-style security monitoring environment suitable for learning Blue Team operations and security analytics.

License

This project is open-source and available under the MIT License.

About

Java-based SIEM-style cybersecurity platform built with Spring Boot, Log4j2, JPA, and H2 database. Collects, parses, analyzes, and visualizes logs in real time while detecting brute-force attacks, SQL injection attempts, and suspicious activities through rule-based threat detection. Developed as a 4th Semester B.Tech CSE PBL project.

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors