Projects

Cybersecurity projects aligned with SOC analyst and DFIR workflows.

SOC / SIEM

Elastic SIEM Endpoint Telemetry (Sysmon)

Fleet-managed endpoint telemetry pipeline using Sysmon v15+, with ingestion validated by KQL queries in Kibana Discover.

  • Process, network, and PowerShell events
  • SOC-style validation in Discover

SOC / SIEM

Elastic SIEM Network Telemetry (Zeek)

Deployed a Zeek sensor and ingested its DNS and connection logs into Elastic SIEM.

  • 1,500+ events validated
  • Network-focused SOC detections
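Two of the network-focused checks a Zeek dns.log supports, as an added example that is not the project's own code: a parser for Zeek's TSV header format, a per-host NXDOMAIN burst count (DGA or probing behaviour), and a long-label check (DNS tunnelling). The dns.log text is constructed for the example and trimmed to the columns used; the thresholds are assumptions, not values from the project.

```python
"""Network-focused detections over Zeek dns.log records.

Added example: the log below is a constructed, trimmed dns.log (only the
columns the detections use), not output from the project's sensor. Zeek's
TSV header format (#fields line) is real, so the parser also handles a
full dns.log unchanged.
"""
from collections import defaultdict

# Constructed sample records in Zeek dns.log column order (subset of the real columns).
_HEADER = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
           "proto", "query", "qtype_name", "rcode_name"]
_ROWS = [
    ("1714554000.1", "CA1", "10.0.0.5", "51000", "10.0.0.53", "53", "udp", "www.example.com", "A", "NOERROR"),
    ("1714554001.2", "CA2", "10.0.0.5", "51001", "10.0.0.53", "53", "udp", "kq3xv9z.example", "A", "NXDOMAIN"),
    ("1714554001.9", "CA3", "10.0.0.5", "51002", "10.0.0.53", "53", "udp", "p0wm2tq.example", "A", "NXDOMAIN"),
    ("1714554002.4", "CA4", "10.0.0.5", "51003", "10.0.0.53", "53", "udp", "zz81hfc.example", "A", "NXDOMAIN"),
    ("1714554003.0", "CA5", "10.0.0.5", "51004", "10.0.0.53", "53", "udp", "u7bqlmn.example", "A", "NXDOMAIN"),
    ("1714554003.7", "CA6", "10.0.0.5", "51005", "10.0.0.53", "53", "udp", "x4r9dzk.example", "A", "NXDOMAIN"),
    ("1714554010.0", "CA7", "10.0.0.7", "51100", "10.0.0.53", "53", "udp", "mail.example.com", "MX", "NOERROR"),
    ("1714554011.0", "CA8", "10.0.0.7", "51101", "10.0.0.53", "53", "udp",
     "aGVsbG8gd29ybGQgdGhpcyBpcyBhIGxvbmcgbGFiZWw.t.example", "TXT", "NOERROR"),
    ("1714554012.0", "CA9", "10.0.0.9", "51200", "10.0.0.53", "53", "udp", "-", "A", "-"),  # unset fields
]
SAMPLE_DNS_LOG = "\n".join(
    ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)", "#unset_field\t-",
     "#path\tdns", "#fields\t" + "\t".join(_HEADER)]
    + ["\t".join(r) for r in _ROWS]
    + ["#close\t2024-05-01-09-00-20"]
)


def parse_zeek_log(text, unset="-"):
    """Parse a Zeek TSV log into dicts keyed by the names in its #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue  # other header/footer lines carry no records
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        records.append({k: (None if v == unset else v) for k, v in zip(fields, values)})
    return records


def nxdomain_bursts(records, threshold=5):
    """Hosts that got NXDOMAIN for >= threshold distinct names (DGA / probing pattern)."""
    misses = defaultdict(set)
    for r in records:
        if r.get("rcode_name") == "NXDOMAIN" and r.get("query"):
            misses[r["id.orig_h"]].add(r["query"])
    return {host: len(names) for host, names in misses.items() if len(names) >= threshold}


def oversized_queries(records, max_label=40, max_query=80):
    """Queries with an unusually long label or total name: a DNS-tunnelling indicator."""
    hits = []
    for r in records:
        q = r.get("query")
        if not q:
            continue
        if len(q) > max_query or any(len(label) > max_label for label in q.split(".")):
            hits.append(r)
    return hits


if __name__ == "__main__":
    recs = parse_zeek_log(SAMPLE_DNS_LOG)
    print("NXDOMAIN bursts:", nxdomain_bursts(recs))
    for hit in oversized_queries(recs):
        print("oversized query:", hit["id.orig_h"], hit["qtype_name"], hit["query"])
```

Unset fields (`-`) are mapped to `None` so a missing query never counts toward either check; the same parser works for conn.log because it reads the column names from the `#fields` line rather than hard-coding them.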

SOC / SIEM

Splunk Detections & Dashboards

SPL detections and dashboards for failed logons and privileged logon activity.

  • Event ID 4625 (failed logon) / 4672 (special privileges assigned to new logon)
  • Triage-focused dashboards
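The two detections behind those event IDs, as an added example in Python so it runs offline (it is not the project's Splunk content): a sliding-window count of 4625 failures per source, and a 4672 privileged logon for an account that had just accumulated failures. Field names follow the Windows Security log (EventCode, TargetUserName, IpAddress, SubjectUserName); the events and thresholds are constructed for the example.

```python
"""Authentication-failure and privileged-logon detections over Windows
Security events, run against constructed sample events.

Added example (Python rather than SPL); not the project's Splunk content.
Field names follow the Windows Security log; the events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5             # this many 4625 events from one source ...
WINDOW = timedelta(minutes=5)  # ... inside this window is a burst

# Constructed: SYSTEM noise, six failures against jsmith from one host,
# one stray failure against bob, then a privileged logon as jsmith.
SAMPLE_EVENTS = [{"time": "2024-05-01T09:00:00", "EventCode": 4672, "SubjectUserName": "SYSTEM"}]
SAMPLE_EVENTS += [
    {"time": f"2024-05-01T09:00:{1 + 6 * i:02d}", "EventCode": 4625,
     "TargetUserName": "jsmith", "IpAddress": "10.0.0.5", "LogonType": 3}
    for i in range(6)
]
SAMPLE_EVENTS += [
    {"time": "2024-05-01T09:00:40", "EventCode": 4625, "TargetUserName": "bob",
     "IpAddress": "10.0.0.9", "LogonType": 2},
    {"time": "2024-05-01T09:01:00", "EventCode": 4672, "SubjectUserName": "jsmith"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def failed_logon_bursts(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Sources with >= threshold 4625 events inside any sliding window.

    A sliding window, unlike `bin _time span=5m | stats count`, does not
    miss a burst that straddles a bucket boundary.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["EventCode"] == 4625:
            by_src[e["IpAddress"]].append((_ts(e), e["TargetUserName"]))
    hits = []
    for src, attempts in by_src.items():
        attempts.sort()
        peak, start = 0, 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits.append({"src_ip": src, "count": peak,
                         "targets": sorted({user for _, user in attempts})})
    return hits


def privileged_logon_after_failures(events, threshold=3, window=WINDOW):
    """4672 for an account that just had >= threshold 4625 failures: a
    success following a password-guessing run.

    SYSTEM and machine accounts (trailing $) raise 4672 constantly and are
    excluded so the alert stays triage-worthy.
    """
    failures = defaultdict(list)
    hits = []
    for e in sorted(events, key=_ts):
        if e["EventCode"] == 4625:
            failures[e["TargetUserName"]].append(_ts(e))
        elif e["EventCode"] == 4672:
            user = e["SubjectUserName"]
            if user == "SYSTEM" or user.endswith("$"):
                continue
            now = _ts(e)
            recent = [t for t in failures.get(user, []) if now - t <= window]
            if len(recent) >= threshold:
                hits.append({"user": user, "time": e["time"], "prior_failures": len(recent)})
    return hits


if __name__ == "__main__":
    print("bursts:", failed_logon_bursts(SAMPLE_EVENTS))
    print("privileged after failures:", privileged_logon_after_failures(SAMPLE_EVENTS))
```

The first check corresponds to an SPL search of the shape `EventCode=4625 | bin _time span=5m | stats count dc(user) AS users by _time src_ip | where count>=5`, assuming the `src_ip` and `user` field aliases the Splunk Add-on for Microsoft Windows applies; the bucketed version is cheaper but, as noted in the code, can split a burst across two bins.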

DFIR

Digital Forensics Investigation

Reconstructed an intrusion timeline using logs and forensic artifacts.

  • IIS logs and persistence artifacts
  • Evidence-based conclusions

Threat Intelligence

IOC Hunting & CTI Analysis

Processed 30,000+ indicators to support CTI enrichment workflows.

  • OTX indicators
  • API-driven enrichment
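The pre-enrichment stage such a workflow needs, as an added example that is not the project's own code: refang, normalise, validate each indicator against its claimed type, drop non-routable addresses, and de-duplicate. The indicator list is constructed and only mimics the `{"indicator": ..., "type": ...}` shape of OTX pulse indicators; the validation rules and the non-routable list are this example's assumptions.

```python
"""Normalise, validate and de-duplicate threat-intel indicators before
enrichment. Added example; the indicator list is constructed and only
mimics the {"indicator": ..., "type": ...} shape of OTX pulse indicators.
The validation rules are this example's own, not OTX's."""
import ipaddress
import re
from collections import defaultdict

SAMPLE_INDICATORS = [  # constructed, not real intel
    {"indicator": "198.51.100.23", "type": "IPv4"},
    {"indicator": " 198.51.100.23 ", "type": "IPv4"},               # duplicate with whitespace
    {"indicator": "10.0.0.7", "type": "IPv4"},                     # RFC 1918: useless as an external IOC
    {"indicator": "Evil-Domain[.]example", "type": "domain"},      # defanged, mixed case
    {"indicator": "evil-domain.example", "type": "hostname"},      # same value, different OTX type
    {"indicator": "hxxp://evil-domain.example/payload.exe", "type": "URL"},
    {"indicator": "00112233445566778899AABBCCDDEEFF", "type": "FileHash-MD5"},
    {"indicator": "00112233445566778899aabbccddeeff", "type": "FileHash-MD5"},  # case duplicate
    {"indicator": "not-a-hash", "type": "FileHash-SHA256"},        # claimed type does not match value
]

HASH_LENGTHS = {"FileHash-MD5": 32, "FileHash-SHA1": 40, "FileHash-SHA256": 64}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
URL_RE = re.compile(r"^https?://[^\s/?#]+[^\s]*$")
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Ranges that can never be an external indicator. The RFC 5737 documentation
# ranges (198.51.100.0/24 etc.) are deliberately absent so the sample runs;
# production code would also apply ipaddress's full special-purpose list.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                 "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def refang(value):
    """Undo the common defanging conventions used when sharing indicators."""
    for old, new in (("hxxps://", "https://"), ("hxxp://", "http://"),
                     ("[://]", "://"), ("[.]", "."), ("(.)", "."), ("[:]", ":")):
        value = value.replace(old, new)
    return value


def canonical_type(ioc_type):
    """OTX splits names into 'domain' and 'hostname'; enrichment treats both alike."""
    return "domain" if ioc_type == "hostname" else ioc_type


def normalise(value, ioc_type):
    value = refang(value.strip())
    if ioc_type == "URL":
        # Scheme and host are case-insensitive, the path is not.
        scheme, _, rest = value.partition("://")
        host, slash, path = rest.partition("/")
        return f"{scheme.lower()}://{host.lower()}{slash}{path}"
    return value.lower()


def is_valid(value, ioc_type):
    """Check the value actually looks like the type it claims to be."""
    if ioc_type == "IPv4":
        try:
            ip = ipaddress.IPv4Address(value)
        except ValueError:
            return False
        return not any(ip in net for net in NON_ROUTABLE)
    if ioc_type == "domain":
        return DOMAIN_RE.match(value) is not None
    if ioc_type == "URL":
        return URL_RE.match(value) is not None
    if ioc_type in HASH_LENGTHS:
        return len(value) == HASH_LENGTHS[ioc_type] and HEX_RE.match(value) is not None
    return False  # unknown type: never pass it downstream silently


def process_indicators(indicators):
    """Return ({type: sorted unique values}, [(raw, claimed type, reason) dropped])."""
    kept, dropped = defaultdict(set), []
    for item in indicators:
        ioc_type = canonical_type(item["type"])
        value = normalise(item["indicator"], ioc_type)
        if not is_valid(value, ioc_type):
            dropped.append((item["indicator"], item["type"], "failed validation"))
            continue
        kept[ioc_type].add(value)
    return {t: sorted(v) for t, v in kept.items()}, dropped


if __name__ == "__main__":
    kept, dropped = process_indicators(SAMPLE_INDICATORS)
    for ioc_type, values in kept.items():
        print(ioc_type, values)
    print("dropped:", dropped)
```

Validating the value against its claimed type before enrichment matters at 30,000-indicator scale: a mislabelled or private-range entry otherwise costs an API call and, worse, can become a false-positive match in a SIEM lookup.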

Computer Architecture

8-bit ALU & Simple CPU

Designed and implemented an 8-bit CPU in Logisim-evolution.

  • ALU operations and control unit
  • Instruction execution
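A software model of the same pieces, as an added example that is not the Logisim design itself: an 8-bit ALU that returns a result plus Z/N/C/V flags, and a minimal accumulator CPU whose fetch-decode-execute loop runs a small program (summing 5+4+3+2+1). The opcode table and instruction encoding are this example's own assumptions.

```python
"""8-bit ALU with Z/N/C/V flags and a minimal CPU that executes it.
Added example; the opcode table and encoding are this example's own,
not the Logisim design's."""

MASK = 0xFF
SIGN = 0x80


def alu(op, a, b=0):
    """Return (result, flags). Z: zero, N: bit 7 set, C: carry/borrow/shifted-out bit,
    V: signed overflow (the two's-complement result has the wrong sign)."""
    a, b = a & MASK, b & MASK
    carry = overflow = False
    if op == "ADD":
        full = a + b
        result = full & MASK
        carry = full > MASK
        overflow = bool((a ^ result) & (b ^ result) & SIGN)  # same-sign inputs, other-sign result
    elif op == "SUB":
        result = (a - b) & MASK
        carry = a < b                                      # borrow
        overflow = bool((a ^ b) & (a ^ result) & SIGN)     # different-sign inputs, result sign != a
    elif op == "AND":
        result = a & b
    elif op == "OR":
        result = a | b
    elif op == "XOR":
        result = a ^ b
    elif op == "NOT":
        result = ~a & MASK
    elif op == "SHL":
        result, carry = (a << 1) & MASK, bool(a & SIGN)
    elif op == "SHR":
        result, carry = a >> 1, bool(a & 1)
    else:
        raise ValueError(f"unknown ALU op {op!r}")
    return result, {"Z": result == 0, "N": bool(result & SIGN), "C": carry, "V": overflow}


# Toy CPU opcodes: one opcode byte, optionally followed by one operand byte.
HLT, LDA, LDB, LDM, LDBM, STA, ADD, SUB, JNZ = range(9)
TWO_BYTE = {LDA, LDB, LDM, LDBM, STA, JNZ}


class CPU:
    """Accumulator machine: registers A and B, PC, ALU flags, 256 bytes of memory."""

    def __init__(self, program):
        self.mem = bytearray(256)
        self.mem[:len(program)] = program
        self.a = self.b = self.pc = 0
        self.flags = {"Z": False, "N": False, "C": False, "V": False}
        self.halted = False

    def step(self):
        op = self.mem[self.pc]
        arg = self.mem[(self.pc + 1) & MASK]
        self.pc = (self.pc + (2 if op in TWO_BYTE else 1)) & MASK  # fetch; PC now past instruction
        if op == HLT:
            self.halted = True
        elif op == LDA:
            self.a = arg
        elif op == LDB:
            self.b = arg
        elif op == LDM:
            self.a = self.mem[arg]
        elif op == LDBM:
            self.b = self.mem[arg]
        elif op == STA:
            self.mem[arg] = self.a           # stores do not touch the flags
        elif op in (ADD, SUB):
            self.a, self.flags = alu("ADD" if op == ADD else "SUB", self.a, self.b)
        elif op == JNZ:
            if not self.flags["Z"]:
                self.pc = arg
        else:
            raise ValueError(f"illegal opcode {op:#04x}")

    def run(self, max_steps=10_000):
        for _ in range(max_steps):
            if self.halted:
                return self
            self.step()
        raise RuntimeError("program did not halt")


# sum = 0; counter = 5; do { sum += counter; counter -= 1 } while counter != 0
SUM_PROGRAM = bytes([
    LDA, 0, STA, 0xF0,        # mem[F0] = 0  (sum)
    LDA, 5, STA, 0xF1,        # mem[F1] = 5  (counter)
    LDM, 0xF0, LDBM, 0xF1,    # loop @8: A = sum, B = counter
    ADD, STA, 0xF0,           # sum += counter
    LDM, 0xF1, LDB, 1, SUB,   # A = counter - 1; SUB sets Z when it reaches 0
    STA, 0xF1,                # counter = A
    JNZ, 8,                   # not zero: back to loop
    HLT,
])


def run_program(program):
    return CPU(program).run()


if __name__ == "__main__":
    cpu = run_program(SUM_PROGRAM)
    print("sum =", cpu.mem[0xF0], "counter =", cpu.mem[0xF1], "flags =", cpu.flags)
```

The overflow expressions are the same bit tests a hardware ALU derives from the sign bits of its inputs and result, so the model can be used to generate expected values when checking the Logisim circuit's flag outputs.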