A SQL-based security incident analysis system for investigating security events. Analyzes login attempts, detects suspicious patterns, and retrieves targeted employee data. Uses advanced SQL queries with pattern matching, date filtering, and correlation analysis for efficient incident response.
- Advanced SQL Queries - Comprehensive queries for security incident analysis
- Login Attempt Analysis - Detect brute force and suspicious login patterns
- Pattern Detection - Identify anomalous behavior patterns
- Automated Reporting - Generate incident reports from query results
The project includes SQL scripts for creating the necessary database schema for security incident tracking.
- Oracle Database 12c+ (or compatible SQL database)
- SQL*Plus or compatible SQL client
- Python 3.8+ (for reporting scripts)
- Create the database schema:
sqlplus username/password@database @schema.sql- Load sample data (optional):
sqlplus username/password@database @sample_data.sqlsqlplus username/password@database @queries/login_analysis.sqlsqlplus username/password@database @queries/suspicious_patterns.sqlpython generate_report.py --incident-id 12345SELECT username, COUNT(*) as failed_attempts,
MAX(login_time) as last_attempt
FROM login_logs
WHERE status = 'FAILED'
AND login_time > SYSDATE - 1
GROUP BY username
HAVING COUNT(*) > 5
ORDER BY failed_attempts DESC;SELECT ip_address, COUNT(DISTINCT username) as unique_users,
COUNT(*) as total_attempts
FROM login_logs
WHERE status = 'FAILED'
AND login_time > SYSDATE - 1
GROUP BY ip_address
HAVING COUNT(*) > 10
ORDER BY total_attempts DESC;security-incident-database/
├── schema.sql # Database schema creation
├── sample_data.sql # Sample data for testing
├── queries/
│ ├── login_analysis.sql # Login attempt queries
│ ├── suspicious_patterns.sql # Pattern detection
│ └── incident_response.sql # Incident response queries
├── reports/
│ └── generate_report.py # Python reporting script
├── README.md # This file
└── .gitignore
MIT License
John Bustamante - Cybersecurity Professional