🔍 Project Overview
This project, titled Detecting Disgruntled Employee Behavior by Cybersecurity Teams using Mikrotik, AI & Splunk, focuses on detecting internal risks within an organization.
While most companies focus on external threats, insiders — especially disgruntled or dissatisfied employees — can pose serious risks, from data theft to system sabotage.
My project creates an experimental lab setup combining real-time network logging, SIEM analytics, and machine learning-driven anomaly detection to identify suspicious patterns early.
🧠 Core Features
Real-time log collection from Mikrotik routers and TP-Link smart switches.
Splunk integration for advanced log indexing, searching, and pattern detection.
Python-driven ML system using Isolation Forest to identify abnormal employee behavior.
Visual analytics: detailed graphs showing event trends, anomalies, mean + standard deviation, and regression trends.
Scalable framework ready for integration with larger real-world datasets or SOC environments.
📦 Source Code & Documentation
All source code, detailed configurations, network diagrams, and example datasets are openly available on GitHub:
🔗 https://github.com/MNafari/Mikrotik-AI-Splunk
We provide clear documentation, architecture explanations, and example outputs for easy replication.
🧪 How to Use
1️⃣ Set up the Mikrotik router and TP-Link switch to route and mirror traffic to Splunk.
2️⃣ Configure Splunk data inputs for syslog ingestion.
3️⃣ Run insider_detector.py to extract and count key events.
4️⃣ Run ai_ml_detector.py to apply machine learning analysis and generate detailed plots.
5️⃣ Review visual outputs and alerts to identify risky patterns.
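An added illustration of steps 3 and 4 (this is example code, not the project's insider_detector.py or ai_ml_detector.py): it counts key events per source IP from constructed Mikrotik-style syslog lines and flags sources whose count exceeds the mean by more than k standard deviations. The log format, the event categories, the threshold k and the host names are assumptions; the project's Isolation Forest step is replaced here by the simpler mean + standard deviation rule the feature list mentions.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed RouterOS-style syslog lines (not real captures); the topics
# ("system,error,critical", "firewall,info") mimic Mikrotik's log format.
SAMPLE_LOGS = """\
Jan 10 09:01:12 gw system,error,critical login failure for user bob from 192.168.88.21 via ssh
Jan 10 09:01:20 gw system,error,critical login failure for user bob from 192.168.88.21 via ssh
Jan 10 09:01:31 gw system,error,critical login failure for user bob from 192.168.88.21 via ssh
Jan 10 09:05:02 gw firewall,info insider-watch forward: proto TCP (SYN), 192.168.88.21:51002->10.0.0.5:445, len 60
Jan 10 09:05:09 gw firewall,info insider-watch forward: proto TCP (SYN), 192.168.88.21:51003->10.0.0.6:445, len 60
Jan 10 09:05:15 gw firewall,info insider-watch forward: proto TCP (SYN), 192.168.88.21:51004->10.0.0.7:445, len 60
Jan 10 09:10:44 gw firewall,info insider-watch forward: proto TCP (SYN), 192.168.88.10:49120->10.0.0.5:445, len 60
Jan 10 09:11:03 gw firewall,info insider-watch forward: proto TCP (SYN), 192.168.88.11:49200->10.0.0.5:445, len 60
Jan 10 09:11:58 gw firewall,info insider-watch forward: proto TCP (SYN), 192.168.88.12:49310->10.0.0.5:445, len 60
Jan 10 09:12:30 gw firewall,info insider-watch forward: proto TCP (SYN), 192.168.88.13:49400->10.0.0.5:445, len 60
"""

LOGIN_FAIL = re.compile(r"login failure for user (\S+) from (\d+\.\d+\.\d+\.\d+)")
FW_FORWARD = re.compile(r"(\d+\.\d+\.\d+\.\d+):\d+->(\d+\.\d+\.\d+\.\d+):(\d+)")

def parse_events(text):
    """Return (source_ip, event_type) pairs for the key events we watch."""
    events = []
    for line in text.splitlines():
        if m := LOGIN_FAIL.search(line):
            events.append((m.group(2), "login_failure"))
        elif m := FW_FORWARD.search(line):
            kind = "smb_access" if m.group(3) == "445" else "forward"
            events.append((m.group(1), kind))
    return events

def count_per_source(events):
    """Key-event count per source IP (the feature fed to the anomaly step)."""
    return Counter(src for src, _ in events)

def flag_anomalies(counts, k=1.5):
    """Flag sources whose count exceeds mean + k * std (population std)."""
    values = list(counts.values())
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:  # identical counts: nothing stands out
        return []
    return sorted((ip, n, round((n - mu) / sigma, 2))
                  for ip, n in counts.items() if (n - mu) / sigma > k)

if __name__ == "__main__":
    for ip, n, z in flag_anomalies(count_per_source(parse_events(SAMPLE_LOGS))):
        print(f"{ip}: {n} key events, z={z}")
```

On the constructed sample, 192.168.88.21 is the only source flagged (6 events against a mean of 2, z = 2.0).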
💡 Future Improvements
Expand ML models: One-Class SVM, LSTM for time-series forecasting, or ensemble methods.
Introduce automated alerting (Slack, email, SIEM triggers).
Integrate more data sources: endpoint logs, application usage, cloud access.
Build a live SOC dashboard to visualize internal risk in real time.
🤝 Author
M. Nafari
Cybersecurity & AI Researcher
✉ m.nafarai@gmail.com
⚡ Why This Matters on ReadyTensor
At its heart, this project is about showcasing how AI and machine learning can be harnessed in cybersecurity beyond just external attack detection.
It directly targets internal human-driven risks, one of the hardest-to-detect attack surfaces.