Installation Requirements
Create a requirements.txt file (the original listed these with a bare `=`, which pip does not accept; use `>=` for minimum versions, or `==` to pin exact versions once you have tested them so installs are reproducible):

```txt
PyQt5>=5.15.0
pandas>=1.3.0
numpy>=1.21.0
scikit-learn>=0.24.0
joblib>=1.0.0
```
Install with:

```bash
pip install -r requirements.txt
```
Key Features
1. Advanced Log Parsing
- Supports Apache, Nginx, Syslog, Windows, and SSH logs
- Automatic log type detection
- Pattern-based threat signature matching
2. Threat Detection
- SQL Injection detection
- XSS attack patterns
- Brute force attempt identification
- Port scan detection
- Malware indicators
3. Machine Learning Integration
- Isolation Forest for anomaly detection
- Behavioral analysis of IP addresses
- Unusual activity detection
4. Comprehensive GUI
- Dashboard with real-time statistics
- Log viewer with color-coded threats
- Threat analysis table with severity levels
- Interactive visualizations (charts and graphs)
- IOC (Indicators of Compromise) management
5. Database Integration
- SQLite backend for storing results
- Session management
- Whitelist/Blacklist functionality
- Historical data analysis
6. Reporting Features
- HTML report generation
- CSV/JSON/Excel export
- Detailed threat summaries
- Recommended actions
7. Advanced Features
- IP blocking/whitelisting
- Custom IOC management
- Real-time filtering
- Multi-threaded analysis
- Progress tracking
Usage Instructions
- Install dependencies: pip install -r requirements.txt
- Run the application: python log_analyzer.py
- Select log file: Click "Select Log File" and choose a log file
- Choose log type: Select the appropriate log format or use "auto"
- Analyze: Click "Analyze Logs" to start threat detection
- Review results: Check the dashboard for statistics
- Investigate threats: Use the Threat Analysis tab for details
- Take action: Block/Whitelist IPs as needed
- Export: Generate reports or export data
Extending the Tool
Adding New Log Formats:
- Add pattern to LOG_PATTERNS dictionary
- Create corresponding threat signatures
Adding New Threat Types:
- Add patterns to THREAT_SIGNATURES
- Define severity levels in calculate_severity
Customizing Visualizations:
- Modify chart creation methods
- Add new chart types as needed
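The two extension points above (a LOG_PATTERNS entry per log format, a THREAT_SIGNATURES entry per threat type, and calculate_severity for the severity level) together with the pattern-based detection described under Threat Detection are easiest to understand with the pipeline run end to end. The following is an added, self-contained example written for this page; it is not the tool's own code, and the shape of LOG_PATTERNS and THREAT_SIGNATURES (regex per log type; name mapped to a regex plus base severity), the brute-force threshold, and the sample log lines are all assumptions. It shows auto-detection of Apache and SSH lines, URL-decoding before signature matching so encoded SQL injection and XSS payloads are caught, aggregation of repeated SSH failures into a brute-force finding, and severity escalation.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed shape for the log-format table: one compiled regex per log type.
# Each regex exposes the fields the signatures need (client ip, text to scan).
# Names and shapes here are illustrative, not the tool's own definitions.
LOG_PATTERNS = {
    "apache": re.compile(
        r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
        r'"(?P<request>[^"]*)" (?P<status>\d{3})'
    ),
    "ssh": re.compile(
        r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: (?P<message>.*)$'
    ),
}

# Assumed shape for the signature table: name -> (regex, base severity).
THREAT_SIGNATURES = {
    "sql_injection": (re.compile(r"union\s+select|or\s+1\s*=\s*1|'\s*or\s*'|sleep\s*\(", re.I), "high"),
    "xss": (re.compile(r"<script|javascript:|on(?:error|load)\s*=", re.I), "medium"),
    "path_traversal": (re.compile(r"(?:\.\./){2,}"), "medium"),
    "ssh_auth_failure": (re.compile(r"\bFailed password for\b"), "low"),
}

SEVERITY_ORDER = ["low", "medium", "high", "critical"]
BRUTE_FORCE_THRESHOLD = 3   # assumed; a real deployment counts per time window
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def detect_log_type(line):
    """Auto-detect the log format: the first LOG_PATTERNS entry that matches wins."""
    for name, pattern in LOG_PATTERNS.items():
        if pattern.match(line):
            return name
    return None


def normalize(text, rounds=3):
    """URL-decode repeatedly (bounded) so encoded and double-encoded payloads
    are matched in decoded form; stop as soon as decoding changes nothing."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def parse_line(line):
    """Return {'log_type', 'ip', 'text'} for a recognised line, else None."""
    log_type = detect_log_type(line)
    if log_type is None:
        return None
    fields = LOG_PATTERNS[log_type].match(line).groupdict()
    if log_type == "ssh":
        # sshd puts the client address inside the message ("... from 203.0.113.5 port ...")
        m = re.search(r"\bfrom (" + IPV4.pattern + r")\b", fields["message"])
        return {"log_type": log_type, "ip": m.group(1) if m else None, "text": fields["message"]}
    return {"log_type": log_type, "ip": fields["ip"], "text": normalize(fields["request"])}


def calculate_severity(threat, count):
    """Base severity comes from the signature; repetition from one source
    escalates it one level. Brute force is an aggregate, not a per-line hit."""
    if threat == "brute_force":
        return "critical" if count >= 10 else "high"
    base = THREAT_SIGNATURES[threat][1]
    if count >= 5 and base != "critical":
        return SEVERITY_ORDER[SEVERITY_ORDER.index(base) + 1]
    return base


def analyze(lines):
    """Run every signature over every parsable line, aggregate per (ip, threat),
    derive brute-force findings from repeated SSH failures, and return findings
    sorted highest severity first."""
    hits = defaultdict(list)   # (ip, threat) -> matching lines
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue   # unknown format is skipped, never reported as clean
        for name, (pattern, _base) in THREAT_SIGNATURES.items():
            if pattern.search(rec["text"]):
                hits[(rec["ip"], name)].append(line)
    for (ip, name), lines_hit in list(hits.items()):
        if name == "ssh_auth_failure" and len(lines_hit) >= BRUTE_FORCE_THRESHOLD:
            hits[(ip, "brute_force")] = lines_hit
    findings = [
        {"ip": ip, "threat": name, "count": len(ls),
         "severity": calculate_severity(name, len(ls)), "evidence": ls}
        for (ip, name), ls in hits.items()
    ]
    findings.sort(key=lambda f: (-SEVERITY_ORDER.index(f["severity"]), f["ip"] or "", f["threat"]))
    return findings


# Constructed sample input (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOGS = [
    '198.51.100.7 - - [12/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Jan/2024:10:00:02 +0000] "GET /login.php?user=admin%27%20OR%20%271%27=%271 HTTP/1.1" 200 233',
    '203.0.113.9 - - [12/Jan/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 87',
    'Jan 12 10:01:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2',
    'Jan 12 10:01:02 host sshd[1234]: Failed password for root from 203.0.113.5 port 4445 ssh2',
    'Jan 12 10:01:03 host sshd[1234]: Failed password for root from 203.0.113.5 port 4446 ssh2',
    'Jan 12 10:01:09 host sshd[1235]: Accepted publickey for deploy from 198.51.100.7 port 5000 ssh2',
    'garbage line that matches nothing',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"{f['severity']:<8} {f['ip']:<14} {f['threat']:<17} x{f['count']}")
```

Adding a log format means adding one LOG_PATTERNS regex that exposes the same group names; adding a threat type means one THREAT_SIGNATURES entry and, if it needs non-default escalation, a branch in calculate_severity. Note that signatures run on the decoded request, which is why the `%27%20OR%20` payload is caught, and that lines no pattern recognises are skipped rather than reported as clean, so an unsupported format should be visible in the dashboard counts rather than hidden.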