Sub Groups Assigment For SIEM Tools Experiment

[allenjose24]

Hello team,

As part of our capstone project with CyberMetics, we’ve finalized the subgroup allocations for experimenting with different SIEM tools. This step will help us understand the working, strengths, and limitations of leading platforms before we integrate ML-based predictive capabilities into our own tool.

🔹 Sub-Group Assignments:

@nikhilreddy1832 and @ChankapureKameshwar → Microsoft Sentinel

@Prem-197-e and @abijithchowdary → Splunk

@Satish-970 and @allenjose24 → Wazuh

🎯 Objective:

Each subgroup will:

• Set up and explore the assigned SIEM tool.

• Document the installation/configuration process.

• Experiment with core functionalities (log management, detection rules, dashboards, etc.).

• Note down gaps, advantages, and potential areas where ML integration could bring improvements.

📝 Deliverables:

• A shared document (per subgroup) with findings and screenshots.

• A short summary (to be posted here in Discussions) so that we can compare across tools.

• This structured approach will help us build a solid foundation before moving into the design and development phase of our ML-driven SIEM solution.

Let’s aim to complete the initial setup and documentation by 30th September, 2025.

Looking forward to everyone’s updates 🚀

— @allenjose24

[Satish-970]

Yup we are on it Buddy...

[allenjose24]

@CyberMetrics/microsoftsentinal
@CyberMetrics/splunk
@CyberMetrics/wazuh
Hey Teams,

This is a reminder for the task to document the learnings abou the SIEM tools which was mentioned in the earlier announcement. Hope you have covered the most part by now. Looking forward to your acknowledegements about it.

@allenjose24.

[Prem-197-e]

Done with the installation of Splunk, working on it mate.

[allenjose24]

Good to know we are making some real progress!! Keep grinding @Prem-197-e !!

[nikhilreddy1832]

As we Discussed and Divided the tasks, I have gone through about Microsoft sentinel.

Microsoft Sentinel likea digital security Command center.
It is a cloud-native SIEM+SOAR tool.

1)Built directly on Azure.
2)Collects logs,events, and signals from across apps,users device and cloud services and detects threats.
3) It diesnt just alert you , it can automatically respond to incidents.
4) uses Machine Learning to spot unusual patterns.
5) It plugs into Microsoft 365, Azure ,AWS, and even non-microsoft tools.

Microsoft Sentinel = Security guard +detective +rapid response int the cloud.

And the next part, for installation there is no requirement is there.
No need to install as it is availabe in Microsoft Azure in the cloud, as we can acess easily.

Microsft Axure->search Sentinel

It is free for 31 days and you get up to 10/GB day, if you exceed the limit charges may apply according to the extra usage. The Free trial is subject to a 20-workspace limit per Azure tenant.

Note: Don't use University Email,because i tried log but the admin haven;t given the acess.

These are my Intial observations and points later on i will go through the Microsoft Sentinel deeper and i will update the same.

[allenjose24]

Keep up this level of detail when you go deeper into Sentinel. It’ll help all of us get a clear picture as we compare across tools. Looking forward to your next update! @nikhilreddy1832

[Satish-970]

Nice work everyone, Have you gone through ml models that were discussed in our research papers? If not you have to understand the basic backend process of the siem tool's ML models in order to create one.
_I hope you will do!!! _

[Satish-970]

Nice work @nikhilreddy1832 , @Prem-197-e @allenjose24

[allenjose24]

Yeah, that’s a good point. We should definitely look back at the ML models from the research papers and see how they connect with what these SIEM tools are doing under the hood. That’ll give us a clearer idea of the backend processes and help us when we design our own pipeline. I hope all the teams are on it already. @CyberMetrics/microsoftsentinal @CyberMetrics/splunk @CyberMetrics/wazuh.