[Audio] Welcome! Today I'm presenting SIEM Lite, a lightweight, open-source incident monitoring dashboard. Built using Python, this tool visualizes logs and alerts, giving SOC teams immediate insight into threats and performance metrics.
[Audio] The main goal is to visualize incident data in a meaningful way, helping us identify high severity trends, slow response areas, analyst performance, and geographic threat hotspots. It makes it easier for analysts to understand incident trends, threats, and response patterns through interactive visual charts and threat maps. It doesn't require heavy infrastructure: it works with CSV data and runs in a web browser.
[Audio] Our dataset contains 19 critical fields representing incidents reported to a SOC. From identifying threats to measuring response times and compliance, these features form the core of the dashboard. Incident type, severity, tool, source, analyst, and response method are useful for categorizing and filtering incidents. MTTR minutes and MTTD minutes help measure operational efficiency (Mean Time to Detect & Resolve). Country codes indicate the source location of incidents.
[Audio] The dashboard is modular. We begin with filters and proceed to bar and pie charts for frequency distribution. The geo map gives a geographic visualization of incident origins. It is designed to support analyst decision-making at a glance. Users can view incidents by Severity, Analyst, Source, Tool used, and Geographic origin.
[Audio] This chart is foundational. If we see a surge in Critical incidents, the SOC team can immediately redirect resources. It also helps track long-term shifts in threat types. It plots the count of incidents by severity level, for example Critical, High, Medium, and Low, and helps prioritize response efforts based on severity trends. Labels directly show the number of incidents per severity.
[Audio] This identifies the most common attack types and helps in threat hunting and mitigation strategies. By understanding dominant incident types, SOCs can proactively strengthen defences. For example, if phishing dominates, security awareness training might be reinforced.
[Audio] These charts offer operational insight. Is one tool generating 80% of alerts? These guide tooling decisions. They show which platforms or systems generate alerts (IDS, SIEM, EDR usage distribution) and indicate which data sources are generating incidents.
[Audio] These charts offer operational insight. Is one analyst overloaded? Is response mostly manual? These guide staffing. They help identify who handled the most incidents. These visual segments make it easy to track operational patterns and analyst workload.
[Audio] This map provides macro-level insight into threat origins. A spike from certain regions might suggest coordinated attacks, requiring escalation or blacklisting. It uses ISO-3 country codes to plot the geographic location of threats and highlights the countries from which the most alerts originated. It helps analysts understand geographic threat distribution; for example, if many alerts come from certain regions, geo-based blocking might be considered.
[Audio] We intentionally kept the stack simple and open-source. The dashboard runs on Python and Dash, making it easily customizable and lightweight. Python is the core language for processing and serving data. Pandas is used to load and transform CSV data. Plotly and Dash create interactive visualizations like bar charts, pie charts, and maps. Geo mapping tools are used to plot threat origin based on geo location codes.
[Audio] SIEM Lite is ideal for organizations that lack budget or don't need full SIEM capabilities. It also works well for student projects, research labs, or proof-of-concept deployments. No license cost. Easy deployment, local or server. Customizable for any dataset. Excellent for small SOCs and training.
[Audio] This is just the start. We can integrate Filebeat or Winlogbeat for real-time logs, add alerts, and eventually bring in Machine Learning for smarter detection. We can integrate email alerts for high-severity incidents, export incidents to PDF/CSV, and schedule automated report generation.
[Audio] I would like to express my heartfelt gratitude to all those who supported and guided me throughout the successful completion of this research project. I am sincerely thankful to my faculty guide for their valuable insights, encouragement, and continuous support during every stage of the project. Lastly, I would like to thank my peers, friends, and family for their constant motivation and encouragement during this journey.
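The aggregation step behind the severity, analyst-workload and geo charts described in the talk, as an added example that is not part of the presentation or the SIEM Lite project's own code. It uses only the Python standard library rather than Pandas, and the column names and the sample CSV rows are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from statistics import mean

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]

# Constructed sample export; column names are assumed, not the project's schema.
SAMPLE_CSV = """incident_type,severity,tool,source,analyst,response_method,mttr_minutes,mttd_minutes,country_code
Phishing,High,SIEM,Email Gateway,alice,Manual,120,15,USA
Malware,Critical,EDR,Endpoint,bob,Automated,45,5,DEU
Phishing,Medium,SIEM,Email Gateway,alice,Manual,90,30,BRA
Brute Force,Low,IDS,Firewall,carol,Automated,20,2,USA
Malware,Critical,EDR,Endpoint,alice,Manual,240,60,DEU
"""

def load_incidents(text):
    """Parse the CSV export into row dicts, converting the timing fields to int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["mttr_minutes"] = int(row["mttr_minutes"])
        row["mttd_minutes"] = int(row["mttd_minutes"])
    return rows

def severity_counts(rows):
    """Counts in the fixed Critical..Low order the bar chart plots; absent levels stay at zero."""
    counts = Counter(r["severity"] for r in rows)
    return [(sev, counts.get(sev, 0)) for sev in SEVERITY_ORDER]

def analyst_workload(rows):
    """Incidents handled plus mean MTTR/MTTD per analyst, feeding the workload pie chart."""
    per_analyst = defaultdict(list)
    for r in rows:
        per_analyst[r["analyst"]].append(r)
    return {
        name: {
            "incidents": len(items),
            "mean_mttr": mean(i["mttr_minutes"] for i in items),
            "mean_mttd": mean(i["mttd_minutes"] for i in items),
        }
        for name, items in per_analyst.items()
    }

def alerts_by_country(rows):
    """ISO-3 code -> alert count, the series a choropleth map consumes."""
    return dict(Counter(r["country_code"] for r in rows))

def critical_share(rows):
    """Fraction of incidents that are Critical; a jump here is the cue to redirect resources."""
    return sum(r["severity"] == "Critical" for r in rows) / len(rows) if rows else 0.0
```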