User profile not found. Access is limited.

Log Analysis

Log Analysis involves monitoring and analyzing web security logs to detect threats, anomalies, and unauthorized access attempts. It helps identify malicious activities, such as DDoS attacks, SQL injections, and brute-force attempts. By processing real-time logs, organizations enhance cybersecurity, ensure compliance, and optimize performance, enabling proactive threat mitigation and robust security measures for web applications and networks.

Task 1 Incident Report: Suspicious Activity in Web Server Logs

You are working as a SOC analyst, monitoring web server logs for potential threats. During your investigation, you detect multiple attack attempts, including SQL injection, directory traversal, brute-force login attempts, and remote code execution (RCE). Malicious actors are repeatedly testing the application using suspicious payloads and automated scanners. Some requests attempt to access sensitive files, while others target unauthorized logins. The attack patterns indicate persistent exploitation efforts. To mitigate risks, you recommend restricting unauthorized IPs, enhancing logging and monitoring, validating user inputs, and encrypting sensitive data to prevent unauthorized access and detect threats proactively.

Answer The Questions

Identify the SQL injection attempt in the logs and locate the injected query

Find an XSS attack attempt in the logs. The attacker is trying to execute JavaScript on the target

Identify a directory traversal attempt where the attacker tries to access restricted files.

Identify the brute-force login attempts and report the IP address or behavior.

Identify an attempt to perform a time-based SQL injection (using sleep).

Log Analysis

Task 1 Incident Report: Suspicious Activity in Web Server Logs

Admin Panel