Skip to content

Commit 18c85b2

Browse files
committed
docs(readme): add example finding summary
1 parent 20acfec commit 18c85b2

1 file changed

Lines changed: 16 additions & 0 deletions

File tree

README.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,22 @@ C++20 defensive log analysis CLI for Linux authentication logs, with parser cove
77

88
It parses `auth.log` / `secure`-style syslog input and `journalctl --output=short-full`-style input, normalizes authentication evidence, applies configurable rule-based detections, and emits deterministic Markdown and JSON reports, with optional CSV exports for findings and warnings.
99

10+
## Example Finding
11+
12+
A compact finding summary is a bounded triage signal, not attribution:
13+
14+
```json
15+
{
16+
"rule_id": "brute_force",
17+
"subject_kind": "source_ip",
18+
"subject": "198.51.100.23",
19+
"window": "10m",
20+
"threshold": 5,
21+
"observed": 8,
22+
"verdict_boundary": "triage_signal_not_attribution"
23+
}
24+
```
25+
1026
## Project Status
1127

1228
LogLens is an MVP / early release. The repository is stable enough for public review, local experimentation, and extension, but the parser and detection coverage are intentionally narrow.

0 commit comments

Comments
 (0)