This project investigates native Windows Security log data using Splunk to simulate real-world threat detection practices in a SOC (Security Operations Center) environment. The objective is to identify and understand system activity patterns, detect suspicious behaviors, and apply basic detection logic using SPL (Search Processing Language).