Cybersecurity knowledge · ~30 mins

Log forensics in Cybersecurity - Mini Project: Build & Apply

Log Forensics Basics
📖 Scenario: You are a cybersecurity analyst investigating suspicious activity on a company server. You have access to a log file that records user login attempts with timestamps and IP addresses. Your task is to analyze the log entries and identify unusual login behaviour by counting failed attempts per IP and comparing the count against a threshold.
🎯 Goal: Build a simple log analysis setup that stores log entries, sets a threshold for failed login attempts, counts failed attempts per IP, and identifies IPs exceeding the threshold.
📋 What You'll Learn
Create a list called log_entries holding the exact (ip, status) pairs for each login attempt
Add a variable called failed_attempt_threshold set to 3
Use a for loop with variables ip and status to iterate over log_entries and count failed attempts per IP
Create a list called blocked_ips that contains IPs whose failed attempts exceed the threshold
💡 Why This Matters
🌍 Real World
Cybersecurity analysts use log forensics to detect unauthorized access attempts and protect systems from attacks.
💼 Career
Understanding how to analyze logs and identify suspicious patterns is essential for roles like security analyst, incident responder, and network administrator.
1
Create the log entries dictionary
Create a list called log_entries of (ip, status) pairs with these exact entries, in this order: ('192.168.1.10', 'success'), ('192.168.1.11', 'failed'), ('192.168.1.12', 'failed'), ('192.168.1.11', 'failed'), ('192.168.1.13', 'success'), ('192.168.1.11', 'failed')
Hint: A dictionary keyed by IP cannot hold this data. Python keeps only the last value written for a duplicate key, so '192.168.1.11' would appear once and two of its three failed attempts would be silently lost. Keep the log as a list of tuples (one tuple per attempt) so that every attempt is preserved for counting.

2
Set the failed attempt threshold
Add a variable called failed_attempt_threshold and set it to 3
Hint: This variable decides when an IP is flagged for too many failed attempts.

3
Count failed login attempts per IP
Create a dictionary called failed_attempts to count failed logins. Use a for loop with variables ip and status to iterate over log_entries (for ip, status in log_entries). For each status equal to 'failed', increase the count for that ip in failed_attempts
Hint: Use a dictionary to keep the counts, and use the get method with a default of 0 so that an IP seen for the first time starts from zero instead of raising a KeyError.

4
Identify IPs exceeding the failed attempt threshold
Create a list called blocked_ips that contains IPs from failed_attempts with counts greater than failed_attempt_threshold
Hint: Use a list comprehension to filter IPs with too many failed attempts. Check the comparison against the data before trusting the result: 192.168.1.11 has exactly three failed attempts, and 3 > 3 is False, so a strict "greater than" with a threshold of 3 flags nothing. Decide whether reaching the threshold (>=) or exceeding it (>) should block an IP, and make that choice explicit in the code.
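The four steps above, carried through end to end as an added example (this is not code from the original exercise). It assumes a constructed log format of "timestamp ip status" per line, so the log is parsed into a list of tuples rather than typed in by hand; the per-IP outcomes match the six entries of step 1. It also goes a little beyond the exercise: collapse_to_dict shows the data loss a dict keyed by IP causes, blocked_ips lets you pick strict or inclusive threshold semantics, and burst_failures counts failures inside a sliding time window, which is how brute-force detections are usually written. The function names, the window_seconds parameter and the malformed sample line are all this example's own assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample log for this example (not from the original page).
# One login event per line: "<ISO timestamp> <ip> <status>". The sequence
# of outcomes per IP is the same as the exercise's six entries; the last
# line is deliberately malformed so the parser's skip path is exercised.
SAMPLE_LOG = """\
2024-05-01T10:00:01 192.168.1.10 success
2024-05-01T10:00:05 192.168.1.11 failed
2024-05-01T10:00:09 192.168.1.12 failed
2024-05-01T10:00:12 192.168.1.11 failed
2024-05-01T10:00:20 192.168.1.13 success
2024-05-01T10:00:25 192.168.1.11 failed
2024-05-01T10:00:30 malformed line that the parser must skip
"""

failed_attempt_threshold = 3


def parse_log(text):
    """Parse the log into a list of (timestamp, ip, status) tuples.

    A list is used deliberately: the same IP appears many times, and a
    dict keyed by IP would silently keep only its last attempt.
    Malformed lines are skipped rather than aborting the analysis.
    """
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, status = parts
        try:
            entries.append((datetime.fromisoformat(ts), ip, status))
        except ValueError:
            continue
    return entries


def collapse_to_dict(entries):
    """Show the pitfall: keying by IP drops every earlier attempt from that IP."""
    return {ip: status for _ts, ip, status in entries}


def count_failed(entries):
    """Count 'failed' outcomes per IP (the exercise's failed_attempts dict)."""
    failed_attempts = {}
    for _ts, ip, status in entries:
        if status == "failed":
            failed_attempts[ip] = failed_attempts.get(ip, 0) + 1
    return failed_attempts


def blocked_ips(failed_attempts, threshold, inclusive=False):
    """IPs whose failure count exceeds threshold, or reaches it when inclusive=True.

    With the sample data and a strict '>' comparison nothing is flagged:
    192.168.1.11 has exactly 3 failures, and 3 > 3 is False.
    """
    if inclusive:
        return [ip for ip, n in failed_attempts.items() if n >= threshold]
    return [ip for ip, n in failed_attempts.items() if n > threshold]


def burst_failures(entries, threshold, window_seconds):
    """IPs with at least `threshold` failures inside any sliding time window.

    Counting over the whole log punishes an IP for unrelated failures spread
    over days; a time window is what brute-force detections normally use.
    """
    window = timedelta(seconds=window_seconds)
    per_ip = {}
    for ts, ip, status in entries:
        if status == "failed":
            per_ip.setdefault(ip, []).append(ts)
    flagged = []
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return flagged


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    failed_attempts = count_failed(entries)
    print("entries parsed:", len(entries))
    print("collapsed dict (data loss):", collapse_to_dict(entries))
    print("failed attempts:", failed_attempts)
    print("blocked (> threshold):", blocked_ips(failed_attempts, failed_attempt_threshold))
    print("blocked (>= threshold):", blocked_ips(failed_attempts, failed_attempt_threshold, inclusive=True))
    print("burst within 30s:", burst_failures(entries, failed_attempt_threshold, 30))
```

Run it as a script to see the difference between the two threshold semantics: with the exercise's threshold of 3, the strict comparison returns an empty list while the inclusive one returns 192.168.1.11. The windowed check flags the same IP at a 30-second window and nothing at 10 seconds, because its three failures are 20 seconds apart end to end.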