SIEM Simulator
Interactive Security Information and Event Management Training
Log Ingestion
Query Builder
Log Parser
Alert Rules
Dashboard Designer
Architecture Builder
Log Ingestion Visualizer
Watch logs flow from various sources into the SIEM collector
How it works: Click on any log source to simulate log events being sent to the SIEM.
The collector processes and normalizes the data before storage.
Data Sources
Firewall
Windows DC
Linux Server
Web Application
IDS/IPS
SIEM CollectorProcessing & Normalizing Events
Recent Events
0
SPL Query Builder
Build and test Splunk-style queries against simulated log data
Available Fields
index=windows
index=firewall
EventCode=4625
EventCode=4624
action=deny
action=allow
status=404
status=200
Your Query
Query Examples
Failed Login Detection
index=windows EventCode=4625 | stats count by src_ip | where count>5
Web Attack Detection
index=web status=404 | stats count by uri | sort -count
Firewall Denials
index=firewall action=deny | stats count by dest_port
Timeline Analysis
index=* | timechart span=1h count by sourcetype
Log Parser
Paste raw logs to see how SIEM parses them into structured fields
Raw Log Input
Parsed Fields
Parsed fields will appear here...
Tip: Understanding how logs are parsed into fields is crucial for writing effective queries and correlation rules.
Each field becomes searchable and can be used in analytics.
Alert Rule Builder
Create correlation rules to detect security threats
Create New Alert Rule
Active Alert Rules
Sample Rule: Excessive Failed Logins
Triggers when: Failed login count > 5 in 5 minutes
Severity: High
Dashboard Widget Designer
Create visualizations for your security operations center
Widget Configuration
Live Preview
SIEM Architecture Builder
Design your SIEM deployment architecture by connecting components
Instructions: Drag and drop components to design your SIEM architecture.
Click on components to connect them and build the data flow pipeline.
Available Components
Click buttons above to add components to your architecture