Malware detection with open source security information and event management (OSSIM)
The digital age has ushered in a golden era of innovation and connectivity. However, this interconnectedness has also created a breeding ground for cyber threats. Malicious actors are constantly developing new attack vectors, exploiting vulnerabilities, and breaching security perimeters. Tradi...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/177214 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | The digital age has ushered in a golden era of innovation and connectivity. However, this
interconnectedness has also created a breeding ground for cyber threats. Malicious actors are
constantly developing new attack vectors, exploiting vulnerabilities, and breaching security
perimeters. Traditional security solutions often struggle to keep pace with this ever-evolving
threat landscape. In addition, modern organization rely on complex IT infrastructure with
multiple endpoints and application. Enterprises are increasingly needing robust network
security analysis system in the face of growing cyber threats.
This final year project tackles the critical need for improved threat detection and response by
developing and implementing a Security Information and Event Management (SIEM) system
built on open-source tools. Wazuh, a comprehensive security monitoring and analysis platform,
forms the core of this system.
Wazuh consists of three key components: Wazuh-Indexer, Wazuh-Manager, and Wazuh-Dashboard. Working together, they provide a data collection, analysis, and visualization engine.
Wazuh-Indexer acts as the central hub, collecting security logs from various sources like
operating systems, network devices, and applications. Wazuh-Manager then analyses these
indexed logs in real-time, identifying potential threats. Finally, Wazuh-Dashboard serves as
the user interface, offering security personnel a centralized view of security events, alerts, and
overall system health.
Beyond Wazuh, the project leverages ElasticSearch for efficient log search, TheHive for
managing security incidents and cases, and VirusTotal integration for multi-engine threat
analysis. Additionally, Cassandra offers potential high-availability storage for specific datasets,
while Shuffle facilitates data sharing, automation, and collaboration between these services.
The successful implementation of this project will provide organizations with a cost-effective
and effective security information and event management system, enhancing their overall
security posture and mitigating cyber threats. |
|---|