Lightweight Mini-SIEM Build

Customer: AI | Published: 01.03.2026
Budget: $750

I am putting together a compact SIEM written in Python with a Flask front-end that ingests log files, spots brute-force behaviour and raises alerts in real time.

The collector must read three streams (system, application and network logs), parse them efficiently and normalise the relevant fields so the detection logic can run smoothly. The correlation engine should recognise the three classic brute-force patterns I care about: password guessing, credential stuffing and dictionary attacks. Feel free to implement any proven techniques (sliding-window counters, IP and username reputation tables or threshold-based heuristics) so long as they remain fast and clear to audit.

Whenever a rule fires I need three parallel notifications: an email, an SMS and an on-screen alert inside the Flask dashboard. The web UI already exists in skeleton form; your task is to wire the alert feed into it and make the interface show key details (timestamp, source IP, affected account and rule name).

Deliverables

• Clean, well-commented Python code (PEP 8 compliant)
• Updated Flask templates and CSS for the alert view
• A markdown setup guide plus an example log bundle for testing
• Unit tests that cover the parsing and detection functions
• Confirmation that email, SMS (Twilio) and in-app channels all trigger as expected

I’ll sign off the project once the demo environment processes the provided sample logs, flags each attack type correctly and the three alert channels fire without delay.
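As an added illustration of the sliding-window approach the posting allows (this is not part of the posting or of any existing code base), the detector below counts failed logins per (source IP, account), per source IP and per account inside a fixed window and emits alerts carrying the four fields the dashboard needs. The log format, the thresholds and the three rule definitions (one source hammering one account; one source cycling through many accounts; many sources targeting one account) are assumptions chosen for the demo, as is the constructed sample log bundle.

```python
import re
from collections import defaultdict, deque

# Assumed normalised auth-log format: "<epoch> auth: FAIL|OK user=<name> src=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\d+) auth: (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<ip>\S+)$")

WINDOW = 60        # seconds of history kept per counter (assumed value)
GUESS_FAILS = 5    # same ip -> same account          => password_guessing
STUFF_USERS = 4    # same ip -> distinct accounts     => credential_stuffing
DICT_SOURCES = 3   # distinct ips -> same account     => dictionary_attack


class BruteForceDetector:
    """Sliding-window counters over failed logins only; successes are ignored."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.pair = defaultdict(deque)     # (ip, user) -> deque of (ts, None)
        self.by_ip = defaultdict(deque)    # ip -> deque of (ts, user)
        self.by_user = defaultdict(deque)  # user -> deque of (ts, ip)

    def feed(self, line):
        """Ingest one log line; return the list of alerts it triggered."""
        m = LINE_RE.match(line)
        if not m or m["result"] != "FAIL":
            return []                      # unparsable or successful: nothing to count
        ts, user, ip = int(m["ts"]), m["user"], m["ip"]
        self.pair[(ip, user)].append((ts, None))
        self.by_ip[ip].append((ts, user))
        self.by_user[user].append((ts, ip))
        for dq in (self.pair[(ip, user)], self.by_ip[ip], self.by_user[user]):
            while dq and dq[0][0] <= ts - self.window:   # drop entries outside the window
                dq.popleft()
        fired = []
        if len(self.pair[(ip, user)]) >= GUESS_FAILS:
            fired.append(("password_guessing", ip, user))
        if len({u for _, u in self.by_ip[ip]}) >= STUFF_USERS:
            fired.append(("credential_stuffing", ip, "*"))
        if len({s for _, s in self.by_user[user]}) >= DICT_SOURCES:
            fired.append(("dictionary_attack", "*", user))
        return [{"ts": ts, "rule": r, "src_ip": i, "account": u} for r, i, u in fired]


def run(lines):
    """Replay a log bundle through one detector and collect every alert."""
    det = BruteForceDetector()
    return [alert for line in lines for alert in det.feed(line)]


# Constructed sample bundle: one burst per pattern, then an expired-window case.
SAMPLE_LOGS = (
    [f"{t} auth: FAIL user=alice src=10.0.0.5" for t in (100, 105, 110, 115, 120)]
    + [f"{200 + i} auth: FAIL user={u} src=10.0.0.9" for i, u in enumerate("bob carol dave erin".split())]
    + [f"{300 + i} auth: FAIL user=root src=192.0.2.{i + 1}" for i in range(3)]
    + ["400 auth: OK user=alice src=10.0.0.5", "500 auth: FAIL user=alice src=10.0.0.5"]
)
```

Each rule re-fires on every further failure inside the window, so a real deployment should add per-key suppression (or a reputation table) before fanning alerts out to email, SMS and the dashboard.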