SentinelSOC Pro is a SIEM-style SOC monitoring platform built using Python and Flask.
It provides multi-log monitoring, attack detection, event correlation, threat intelligence enrichment, and incident response workflows.
• Real-time SOC Dashboard
• Multi-log monitoring (auth.log, apache.log, firewall.log)
• SSH brute-force detection
• Web attack detection
• Firewall deny monitoring
• Cross-source attack correlation
• MITRE ATT&CK technique mapping
• Threat Intelligence view
• IOC Watchlist management
• Blocklist export
• Incident management workflow
• Analyst notes and timeline
• CSV / JSON report export
• Telegram test alerts
• Docker deployment support
SentinelSOC currently supports:
- auth.log (Linux authentication logs)
- apache.log (web server logs)
- firewall.log (UFW / firewall events)
SentinelSOC-Pro
│
├── app.py
├── SentinelSOC_Pro.py
├── requirements.txt
├── Dockerfile
├── docker-compose.yml
├── start.sh
├── reset_runtime.sh
│
├── templates/
├── static/
├── logs/
├── alerts/
├── sample_logs/
│
└── README.md
Clone the repository
git clone https://github.com/Nowfir0369/SentinelSoc---Pro.git
cd SentinelSoc---Pro
Create virtual environment:
python3 -m venv venv
Activate environment:
source venv/bin/activate
Install dependencies:
pip install -r requirements.txt
Run SentinelSOC:
./start.sh
Open browser:
http://127.0.0.1:5000
You can load example attack logs for testing.
cp sample_logs/auth.log logs/auth.log
cp sample_logs/apache.log logs/apache.log
cp sample_logs/firewall.log logs/firewall.log
Restart tool:
./start.sh
Reset runtime state:
./reset_runtime.sh
This clears alerts, incidents, and logs.
Run with Docker:
docker compose up --build
SentinelSOC follows a simplified SOC workflow:
- Log ingestion
- Event parsing
- Alert detection
- Attack correlation
- Threat enrichment
- Analyst investigation
- Incident management
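As an added illustration of the parsing, detection and correlation stages of that workflow (example code, not the project's own), the snippet below parses constructed auth.log and firewall.log lines, counts failed SSH logins per source IP, raises a brute-force alert once a threshold is reached, and marks the alert as correlated when the same IP also produced a UFW block. The sample lines, the threshold of 5 and the ATT&CK tag T1110 are assumptions of this example, not the project's sample_logs/ or its actual technique mapping.

```python
import re
from collections import defaultdict

# Constructed sample lines in auth.log and UFW firewall.log style (illustrative only).
AUTH_LOG = """\
Mar 10 12:00:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 12:00:02 host sshd[1235]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar 10 12:00:03 host sshd[1236]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 10 12:00:04 host sshd[1237]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar 10 12:00:05 host sshd[1238]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 10 12:00:09 host sshd[1240]: Accepted password for alice from 198.51.100.5 port 40000 ssh2
Mar 10 12:00:10 host sshd[1241]: Failed password for bob from 198.51.100.5 port 40001 ssh2
"""
FIREWALL_LOG = """\
Mar 10 11:59:50 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=51000 DPT=23
Mar 10 11:59:55 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP SPT=4444 DPT=445
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
UFW_RE = re.compile(r"\[UFW BLOCK\].*?SRC=(\d+\.\d+\.\d+\.\d+)")


def count_failed_ssh(auth_text):
    """Event parsing: return {source_ip: number of failed SSH password attempts}."""
    counts = defaultdict(int)
    for line in auth_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return dict(counts)


def firewall_denied_sources(fw_text):
    """Event parsing: return the set of source IPs that triggered a UFW BLOCK."""
    denied = set()
    for line in fw_text.splitlines():
        m = UFW_RE.search(line)
        if m:
            denied.add(m.group(1))
    return denied


def detect(auth_text, fw_text, threshold=5):
    """Alert detection + cross-source correlation: one alert per IP at or above
    the threshold; 'correlated_with_firewall' is True when the same IP was also
    denied by the firewall. T1110 (Brute Force) is an assumed ATT&CK tag."""
    denied = firewall_denied_sources(fw_text)
    alerts = []
    for ip, n in sorted(count_failed_ssh(auth_text).items()):
        if n >= threshold:
            alerts.append({"ip": ip, "failed": n, "technique": "T1110",
                           "correlated_with_firewall": ip in denied})
    return alerts
```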
Built by Nowfir