Analyzing malicious Snort logs that contain sample HTTP headers with Python
Steps: convert the Snort logs into JSON with Python, export the sample logs into Wazuh (SIEM), and create a playbook. Note that the sample lines below are DNS resolution records, not HTTP headers: each line is `<date> <time> <client IP> <record type> <queried name> <resolved address>`, so the converter has to key on those five fields (and an A record should carry an IPv4 answer, an AAAA record an IPv6 one).
<aside> 💡
Exporting to the SIEM for security analysis.
</aside>
2024-08-25 09:15:23.456 192.168.1.100 A www.randomstore.com 104.26.0.33
2024-08-25 09:15:23.789 192.168.1.100 AAAA www.randomstore.com 2606:4700::6812:21
2024-08-25 09:15:24.012 192.168.1.101 A api.weatherapp.io 13.33.141.37
2024-08-25 09:15:24.234 192.168.1.102 A news.infoportal.net 151.101.65.67
2024-08-25 09:15:24.567 192.168.1.103 A login.cloudservice.com 52.222.214.23
2024-08-25 09:15:24.890 192.168.1.104 A images.socialmedia.com 31.13.66.35
2024-08-25 09:15:25.123 192.168.1.105 A tracker.analytics.net 172.217.16.142
2024-08-25 09:15:25.456 192.168.1.106 A cdn.videosharing.com 199.232.69.194
2024-08-25 09:15:25.789 192.168.1.107 A mail.corporateemail.org 64.233.184.27
2024-08-25 09:15:26.012 192.168.1.108 A shop.onlinemarket.biz 35.71.131.137
2024-08-25 09:15:26.345 192.168.1.109 A forum.techsupport.help 104.18.2.22
2024-08-25 09:15:26.678 192.168.1.110 A blog.traveldestinations.info 198.185.159.144
2024-08-25 09:15:27.001 192.168.1.111 A secure.onlinebanking.com 23.52.171.64
2024-08-25 09:15:27.234 192.168.1.112 A download.softwareupdate.net 93.184.220.29
2024-08-25 09:15:27.567 192.168.1.113 A stream.musicservice.fm 35.186.224.25
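The conversion step for these lines, as an added example rather than the script from the original note: it parses each record into a JSON object (one object per line, which is what Wazuh's `json` log_format for a localfile expects), drops lines that do not match the format, and flags records whose answer family does not match the record type. The sample lines, the UTC assumption on the timestamps, and the output field names are all assumptions for illustration.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Regex for the page's sample format (added example, not the author's script):
#   "<YYYY-MM-DD> <HH:MM:SS.mmm> <client_ip> <record_type> <queried_name> <resolved_ip>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<client>\S+)\s+(?P<rtype>[A-Z0-9]+)\s+(?P<qname>\S+)\s+(?P<answer>\S+)\s*$"
)

# Constructed sample lines in that format: three taken from the note's layout,
# one deliberately inconsistent (A record with an IPv6 answer), one malformed.
SAMPLE_LINES = [
    "2024-08-25 09:15:23.456 192.168.1.100 A www.randomstore.com 104.26.0.33",
    "2024-08-25 09:15:23.789 192.168.1.100 AAAA www.randomstore.com 2606:4700::6812:21",
    "2024-08-25 09:15:24.012 192.168.1.101 A api.weatherapp.io 13.33.141.37",
    "2024-08-25 09:15:24.234 192.168.1.102 A bad.example.test 2606:4700::1",
    "this line is not a dns record",
]


def parse_line(line):
    """Parse one log line into a dict; return None if it does not match the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        client = ipaddress.ip_address(m["client"])
        answer = ipaddress.ip_address(m["answer"])
    except ValueError:
        return None  # columns present but not valid addresses: treat as malformed
    # Assumption: the log timestamps are UTC; emit ISO-8601 so the SIEM can parse it.
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S.%f")
    ts = ts.replace(tzinfo=timezone.utc)
    rtype = m["rtype"]
    expected_version = {"A": 4, "AAAA": 6}.get(rtype)
    return {
        "timestamp": ts.isoformat(timespec="milliseconds"),
        "srcip": str(client),
        "src_is_private": client.is_private,
        "dns": {
            "type": rtype,
            "question": m["qname"].lower().rstrip("."),
            "answer": str(answer),
            # True when an A record resolves to IPv6 or AAAA to IPv4: a logging or
            # parsing problem that should be surfaced instead of ingested silently.
            "answer_mismatch": expected_version is not None
            and answer.version != expected_version,
        },
        "raw": line,
    }


def to_ndjson(lines):
    """Convert lines to newline-delimited JSON; returns (ndjson_text, skipped_count)."""
    out = []
    skipped = 0
    for line in lines:
        rec = parse_line(line.rstrip("\n"))
        if rec is None:
            skipped += 1
            continue
        out.append(json.dumps(rec, separators=(",", ":")))
    return "\n".join(out) + ("\n" if out else ""), skipped


if __name__ == "__main__":
    text, skipped = to_ndjson(SAMPLE_LINES)
    print(text, end="")
    print(f"# skipped {skipped} malformed line(s)")
```

Write the output to a file the Wazuh agent tails with `<log_format>json</log_format>`; the skipped count is worth logging too, since a sudden rise in unparseable lines usually means the upstream log format changed rather than that traffic stopped.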