Infrastructure Defense

WebSphereAlert

Real-time infrastructure monitoring and alerting system for detecting anomalous web traffic and brute-force attempts.

Detection Logic

Parses NGINX and Apache access and error logs in real time, using regex-based anomaly detection to identify HTTP flood patterns, SQL injection payloads, and cascades of 401/403 responses that indicate brute-force attempts.

Incident Response

Automatically generates structured incident payloads and sends them via webhooks (Slack/Discord) and SMTP, giving the SOC team actionable telemetry as soon as an anomaly is detected.

Detection Pipeline

[ Server Access Logs (/var/log/nginx/access.log) ]
       |
       v
[ Tail / Log Parser Daemon ]
       |
       v
[ Anomaly Detection Engine ]
       |--> Match: Repeated 404s (Dirbuster/Gobuster)
       |--> Match: Payload Signatures (SQLi / XSS)
       |--> Match: High Request Rate (DDoS)
       |
       v
[ Notification Dispatcher ]
       |--> Slack Webhook (JSON)
       |--> Email Notification (SMTP)
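The detection stage of the pipeline above, as an added example that is not WebSphereAlert's own code: it parses NGINX combined-format access log lines, URL-decodes the request path, and applies per-source-IP sliding-window rules for repeated 404s, 401/403 bursts, high request rate and payload signatures, returning the alert dicts a dispatcher would forward. The log format, thresholds, window size, signature regexes and sample log lines are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote
# NGINX "combined" log_format (assumed; adjust to the server's actual log_format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')
# Deliberately simple payload signature, matched on the URL-decoded path so encoded probes still hit.
SIGNATURES = {"sqli": re.compile(r"(?i)(union\s+select|'\s*or\s+1\s*=\s*1)")}
WINDOW_SECONDS = 60                                  # sliding window per source IP
THRESHOLDS = {"404": 5, "auth_fail": 5, "rate": 20}  # constructed values, tune per site

def parse_line(line):
    m = LOG_RE.match(line)
    if not m: return None                            # unparseable line: skip, don't crash
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = unquote(rec["path"])
    return rec

class Detector:
    def __init__(self):
        self.events = defaultdict(lambda: defaultdict(deque))  # ip -> rule -> timestamps
    def _bump(self, ip, rule, t):
        q = self.events[ip][rule]
        q.append(t)
        while (t - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()                              # evict events older than the window
        return len(q)                                # a rule fires once, when this hits the threshold

    def feed(self, rec):
        alerts, ip, t = [], rec["ip"], rec["time"]
        for name, sig in SIGNATURES.items():
            if sig.search(rec["path"]):
                alerts.append({"rule": f"signature:{name}", "ip": ip, "path": rec["path"]})
        if rec["status"] == "404" and self._bump(ip, "404", t) == THRESHOLDS["404"]:
            alerts.append({"rule": "repeated_404", "ip": ip})
        if rec["status"] in ("401", "403") and self._bump(ip, "auth_fail", t) == THRESHOLDS["auth_fail"]:
            alerts.append({"rule": "auth_bruteforce", "ip": ip})
        if self._bump(ip, "rate", t) == THRESHOLDS["rate"]:
            alerts.append({"rule": "high_request_rate", "ip": ip})
        return alerts

def run(lines):  # returns the alert payloads the dispatcher would forward to Slack/SMTP
    det = Detector()
    return [a for ln in lines for rec in [parse_line(ln)] if rec for a in det.feed(rec)]
def sample_lines():  # constructed: five 404s from one IP, then a percent-encoded SQLi probe
    base = '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "GET %s HTTP/1.1" %s 153 "-" "curl/8.0"'
    return [base % (i, f"/old/{i}.php", "404") for i in range(5)] + [base % (9, "/search?q=1%27%20OR%201%3D1", "200")]
```

Each counter fires exactly once per window crossing, so a noisy scanner produces one alert rather than one per request; in production, tail the log instead of passing a list.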