Project Information

  • Project: SIEM + Honeypot
  • Project date: 9 October, 2023
  • Time to Complete: 72 hours
  • Project URL: Full Documentation

Project Summary

This project is the most complex that I have done so far. Several moving parts came together to make it work. In a nutshell, I used Microsoft Azure, as everything was performed in the cloud. On Azure I configured a virtual machine to be vulnerable and exposed to the internet, and this served as the honeypot. All failed login attempt logs from the honeypot were forwarded to Microsoft Sentinel, which is a SIEM platform. Next, I used a geolocation API to determine where the attacks were coming from. The final part of the project collected the API data and visualized the attacks on a geographic map in real time. Lastly, I analyzed the logs and the threat map and remediated the threats accordingly. The objectives accomplished in this project are as follows:

• Configured the honeypot VM.

• Configured the log repository.

• Set up Microsoft Sentinel (SIEM).

• Configured log forwarding from the VM to Microsoft Sentinel.

• Configured a geolocation API to translate IP addresses to geographic locations.

• Queried the security logs.

• Configured Sentinel workbook to display geographic data.

• Analyzed the threat map.

• Remediated the threats.
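To make the middle of the pipeline concrete (failed logins on the honeypot, IP-to-location translation, and a flat log that the SIEM can query for the map), the following Python script is an added illustration and not the project's own code. It assumes the honeypot is a Windows VM so that failed logons are Security event 4625, it replaces the geolocation API with an injectable lookup function so it runs offline (OFFLINE_GEO and SAMPLE_EVENTS are constructed, fictional data), and the key:value output line is one plausible custom-log shape rather than a fixed standard. It also handles the cases a practitioner runs into: successful logons, events with no source address, and internal source addresses that should never be sent to the API.

```python
"""Parse honeypot failed-logon events, geolocate the attacking IPs and emit
flat lines for a SIEM custom log.

Added illustration, not the project's own script. Assumed: the honeypot is a
Windows VM (failed logons are Security event 4625); the geolocation API is
replaced by an injectable lookup function so the script runs offline; the
output line format is one plausible key:value shape, not a fixed standard.
"""
import ipaddress
import re
from collections import Counter
from typing import Callable, Dict, List, Optional, Tuple


def _msg_4625(target: str, src: str) -> str:
    """Abridged text of event 4625 as Event Viewer renders it."""
    return ("An account failed to log on.\n"
            "Subject:\n\tAccount Name:\t\t-\n"
            "Account For Which Logon Failed:\n"
            f"\tAccount Name:\t\t{target}\n"
            "Network Information:\n"
            f"\tSource Network Address:\t{src}\n")


# Constructed sample events: (timestamp, event id, message). Not real data.
SAMPLE_EVENTS: List[Tuple[str, int, str]] = [
    ("2023-10-09T14:02:11Z", 4625, _msg_4625("Administrator", "203.0.113.45")),
    ("2023-10-09T14:02:13Z", 4625, _msg_4625("admin", "203.0.113.45")),
    ("2023-10-09T14:05:40Z", 4625, _msg_4625("ADMIN", "198.51.100.7")),
    ("2023-10-09T14:06:02Z", 4624, "An account was successfully logged on.\n"),
    ("2023-10-09T14:07:00Z", 4625, _msg_4625("root", "10.0.0.4")),
    ("2023-10-09T14:07:30Z", 4625, _msg_4625("guest", "-")),
]

# Constructed, fictional geolocation table standing in for the API response.
OFFLINE_GEO: Dict[str, Dict[str, str]] = {
    "203.0.113.45": {"country": "Examplia", "state": "North",
                     "latitude": "52.10", "longitude": "4.30"},
    "198.51.100.7": {"country": "Fictionland", "state": "Coast",
                     "latitude": "-33.90", "longitude": "151.20"},
}
GeoLookup = Callable[[str], Optional[Dict[str, str]]]


def offline_lookup(ip: str) -> Optional[Dict[str, str]]:
    """Stand-in for the HTTP geolocation call; returns None when unknown."""
    return OFFLINE_GEO.get(ip)


_TARGET_RE = re.compile(r"Account For Which Logon Failed:.*?Account Name:\s*(\S+)", re.S)
_SOURCE_RE = re.compile(r"Source Network Address:\s*(\S+)")
# Sources we never want to geolocate. Only RFC 1918, loopback and link-local
# are excluded here so the documentation ranges in the sample pass; in
# production use ipaddress's is_global, which also rejects TEST-NET.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8")]


def is_routable_ip(value: str) -> bool:
    """False for '-', malformed text and internal ranges."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return not any(addr in net for net in _NON_ROUTABLE)


def parse_failed_logon(timestamp: str, event_id: int, message: str) -> Optional[Dict[str, str]]:
    """Return {timestamp, username, source_ip} for a 4625 with a usable source, else None."""
    if event_id != 4625:
        return None
    user = _TARGET_RE.search(message)
    src = _SOURCE_RE.search(message)
    if not user or not src or not is_routable_ip(src.group(1)):
        return None
    # Normalise case so 'ADMIN' and 'admin' aggregate together downstream.
    return {"timestamp": timestamp, "username": user.group(1).lower(),
            "source_ip": src.group(1)}


def enrich(records, lookup: GeoLookup, cache=None):
    """Attach geo fields, calling lookup once per distinct IP (APIs are rate limited)."""
    cache = {} if cache is None else cache
    unknown = {"country": "unknown", "state": "unknown", "latitude": "", "longitude": ""}
    out = []
    for rec in records:
        ip = rec["source_ip"]
        if ip not in cache:
            cache[ip] = lookup(ip)
        out.append({**rec, **(cache[ip] or unknown)})
    return out


FIELDS = ("latitude", "longitude", "country", "state", "username", "source_ip", "timestamp")


def to_custom_log_line(rec) -> str:
    """One flat key:value line per event; commas in values are replaced so a query can split on them."""
    return ",".join(f"{k}:{str(rec[k]).replace(',', ';')}" for k in FIELDS)


def build_feed(events, lookup: GeoLookup):
    """Parse, enrich and summarise: returns (log lines, attempts per country)."""
    parsed = [r for r in (parse_failed_logon(*e) for e in events) if r]
    enriched = enrich(parsed, lookup)
    return [to_custom_log_line(r) for r in enriched], Counter(r["country"] for r in enriched)


if __name__ == "__main__":
    lines, summary = build_feed(SAMPLE_EVENTS, offline_lookup)
    print("\n".join(lines))
    print(dict(summary))
```

Run as-is and three of the six sample events survive: the successful logon, the event with no source address and the event from an internal address are dropped, the two attempts from the same address cost a single lookup thanks to the cache, and the per-country Counter is the same aggregation the map workbook performs once the lines are ingested. In a real deployment `offline_lookup` is where the HTTP call to the geolocation API goes, and the returned lines are what get written to the file that the log forwarder ships to the SIEM.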