
Log Analysis (Threat Hunting)

Threat Hunting involves proactively searching through networks and server logs to detect and isolate advanced threats that evade existing security solutions.

Live Simulation


Click on suspicious log entries (SQLi, XSS, etc.) to block them.

Tip: Look for abnormal characters (', <, >), directory traversal (../), or admin access attempts.

Interactive: Click "Start Monitoring" and watch the logs. Click on suspicious entries (like SQL injection attempts) to block them and score points.

What to Look For

  • Injections: Look for SQL keywords (`SELECT`, `UNION`, `OR 1=1`) or script tags (`<script>`) in URL parameters.
  • Traversal: Repeated `../` sequences indicating attempts to access system files like `/etc/passwd`.
  • Scanning: Requests for sensitive files that shouldn't exist publicly, like `.env`, `wp-login.php` (on non-WP sites), or `backup.sql`.
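The three categories above, applied as simple detection rules to a handful of access-log lines. This is an added example, not part of the Atlas page or its simulation; the log lines are constructed, and the rule patterns are deliberately minimal (they will produce false positives, such as a legitimate `/select-size` path, that an analyst still has to triage).

```python
from __future__ import annotations
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /products?id=42 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /products?id=42%27%20OR%201%3D1-- HTTP/1.1" 500 0
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 0
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /.env HTTP/1.1" 404 0
10.0.0.5 - - [01/Jan/2024:10:00:06 +0000] "GET /about HTTP/1.1" 200 1024
"""

# Fields we need from each line: client IP, request method, path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Detection rules named after the categories in "What to Look For".
# Minimal on purpose: a starting point for triage, not a finished ruleset.
RULES = {
    "injection": re.compile(r"(\bUNION\b|\bSELECT\b|\bOR\b\s+1\s*=\s*1|'|<script)", re.IGNORECASE),
    "traversal": re.compile(r"(\.\./|/etc/passwd)"),
    "scanning": re.compile(r"(/\.env$|/wp-login\.php$|backup\.sql$)", re.IGNORECASE),
}

def classify_request(path: str) -> list:
    """Return the names of the rules that fire on a request path.

    The path is URL-decoded twice so single- and double-encoded payloads
    (%27, %252e%252e%252f) are matched the same way as their plain forms.
    """
    decoded = unquote(unquote(path))
    return [name for name, rx in RULES.items() if rx.search(decoded)]

def hunt(log_text: str) -> list:
    """Parse each log line and return only the entries that triggered a rule."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the whole hunt
        hits = classify_request(m["path"])
        if hits:
            findings.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"]), "hits": hits})
    return findings

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f['ip']:<10} {f['status']} {','.join(f['hits']):<10} {f['path']}")
```

Grouping the findings by client IP is the natural next step, since the same source probing several categories in a short window is a stronger signal than any single flagged request.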

Blue Team Skills

SIEM Proficiency: Security Information and Event Management (SIEM) tools aggregate logs. Knowing how to query them is a core skill.
Pattern Recognition: The ability to distinguish between normal user traffic and malicious probing.
Incident Response: Identifying a breach is only step one. Containing it quickly (e.g., blocking the IP) is critical.