Designed and built an enterprise-grade Security Information and Event Management (SIEM) solution from scratch, using Python, Flask, Elasticsearch, and a Kibana/Wazuh-style architecture. Developed an end-to-end log processing pipeline, including automated ingestion from agents, parsing, normalization, categorization, enrichment (GeoIP, ASN, threat intelligence), correlation, and real-time alerting. Implemented advanced detection logic covering brute-force attacks, malware, ransomware, data exfiltration, phishing, and lateral movement, with MITRE ATT&CK mapping for threat classification. Integrated File Integrity Monitoring (FIM), process and USB activity tracking, and role-based dashboards for SOC analysts. Built SOAR-like capabilities including IP blocking, automated host isolation, and alert deduplication. Deployed agent-based log collection for Windows, macOS, and Linux endpoints, with cloud integration for AWS, Azure, and GCP logs. Enhanced system security with TLS, MFA, rate limiting, and input sanitization, and optimized retention policies, backups, and RBAC for production readiness.
Badminton, Tennis, Cricket, Travel, Reading Books