Used Splunk SIEM to monitor and analyze simulated web access logs for potential security threats. Sample log files were ingested and queried to identify anomalies such as repeated timestamps and suspicious URI access patterns. Two incidents were documented: a possible reconnaissance attempt detected through clustered log entries with identical timestamps, and suspicious access behavior based on HTTP error codes and endpoint paths. The final report includes detailed search queries, incident classification, remediation suggestions, and screenshots from the Splunk dashboard.