I installed and configured Suricata to monitor network traffic through AF-PACKET.

Enabled Emerging Threats rules to detect suspicious and abnormal behavior.

Generated safe test traffic using tools such as:

Nmap (port scanning & service detection)

Ping/ICMP tests

HTTP requests to test alert rules (e.g., testmyids.com)

Captured alerts and analyzed them from:

/var/log/suricata/eve.json

/var/log/suricata/fast.log

Forwarded Suricata logs into Splunk and used the TA-Suricata add-on to parse fields, visualize alerts, and build dashboards.

Interpreted real network events such as DHCP hostname exposure, HTTP anomalies, port scan attempts, and policy violations.
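As an added illustration (not code from this project), a small Python script that reads eve.json lines of the kind analyzed above, keeps only the alert events, and summarizes them by signature, severity, and scan-like behaviour; the sample records, IP addresses and signature ids below are constructed for the example.

```python
import json
from collections import Counter, defaultdict

# Constructed eve.json lines, one JSON object per line, following the EVE
# alert field layout. Signature ids/names are made up (9000xxx local range);
# they are not this project's logs and not real Emerging Threats rules.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:01+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","proto":"TCP"}
{"timestamp":"2024-05-01T10:00:02+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":40001,"dest_ip":"10.0.0.10","dest_port":22,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL SCAN TCP probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:00:02+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":40002,"dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL SCAN TCP probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:00:03+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":40003,"dest_ip":"10.0.0.10","dest_port":443,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL SCAN TCP probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:00:09+0000","event_type":"alert","src_ip":"10.0.0.10","src_port":80,"dest_ip":"10.0.0.7","dest_port":51000,"proto":"TCP","alert":{"signature_id":9000002,"signature":"LOCAL ATTACK_RESPONSE id check","category":"Potentially Bad Traffic","severity":1}}
{"timestamp":"2024-05-01T10:00:10+0000","event_type":"dns","src_ip":"10.0.0.7","dest_ip":"10.0.0.1","proto":"UDP"}
this line is not JSON and must be skipped
"""

def parse_alerts(text):
    """Return only alert records from EVE JSON text; skip other event types and bad lines."""
    alerts = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line (e.g. a partial write)
        if isinstance(rec, dict) and rec.get("event_type") == "alert" and "alert" in rec:
            alerts.append(rec)
    return alerts

def count_by_signature(alerts):
    """Count alerts per signature name, the same view fast.log gives at a glance."""
    return Counter(a["alert"]["signature"] for a in alerts)

def high_severity(alerts, max_sev=1):
    """Alerts with severity <= max_sev (Suricata uses 1 as the most severe)."""
    return [a for a in alerts if a["alert"].get("severity", 3) <= max_sev]

def port_scan_sources(alerts, min_ports=3):
    """Source IPs whose alerts touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for a in alerts:
        if "dest_port" in a:
            ports[a["src_ip"]].add(a["dest_port"])
    return {ip for ip, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    found = parse_alerts(SAMPLE_EVE)
    print(count_by_signature(found))
    print("high severity:", [a["alert"]["signature"] for a in high_severity(found)])
    print("scan-like sources:", port_scan_sources(found))
```

To run it against a real file, replace SAMPLE_EVE with the contents of /var/log/suricata/eve.json; the same grouping is what the Splunk dashboards built on TA-Suricata fields show.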

Skills Demonstrated

Intrusion Detection & Monitoring

Packet Capture & Analysis

Suricata Configuration & Rule Tuning

Splunk Log Ingestion and Field Extraction

Threat Interpretation & Event Correlation

Linux System Administration

Network Security Fundamentals

Conclusion: This project helped me gain hands-on experience with security monitoring tools, understand how IDS systems detect threats, and learn how logs are transformed into actionable intelligence using SIEM platforms like Splunk.