analyzing-web-server-logs-for-intrusion


Detect web intrusion patterns from server logs.

Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

The skill analyzes Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns, with GeoIP attribution and anomaly-based insights.

Core Features & Use Cases

  • Detect SQLi, LFI, XSS, and scanner signatures in web server logs using regex-based rules mapped to OWASP patterns.
  • Enrich detections with GeoIP data to attribute sources and profile attacker geography.
  • Detect brute-force attempts across common login endpoints and generate attacker summaries for threat-hunting workflows.
  • Use Case: SOC analysts can run the agent on a log backlog to generate a structured intrusion report suitable for SIEM ingestion.

Quick Start

Run the analysis on your web server access logs to produce a findings report.

Dependency Matrix

Required Modules

geoip2

Components

scripts, references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: analyzing-web-server-logs-for-intrusion
Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#analyzing-web-server-logs-for-intrusion

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.