| Name: | Description: | Size: | Format: |
|---|---|---|---|
| | | 4.77 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
As technology advances, the number of vulnerable systems tends to grow with it. Companies and organizations struggle to protect their networks and systems, and the situation is no different for schools, universities and research institutions, where budgets are generally tighter and the lack of resources makes it harder to implement security controls. In this context, SIEM (Security Information and Event Management) tools are valuable resources for monitoring and correlating events, allowing the early identification of potential attacks and threats to the security of computer systems. However, most of the solutions available on the market are commercial, making them less accessible to organizations with limited budgets. This project presents a comparative analysis of free and open-source solutions, highlighting their functionalities and limitations. Among these, OSSIM and Wazuh were selected and subjected to threat detection scenarios in laboratory experiments, which enabled the development of customized normalization and analysis rules as well as the evaluation of active response mechanisms. Based on the results obtained, Wazuh was selected and implemented in the Department of Computer Science of the Faculty of Sciences of the University of Lisbon, adapted to the existing infrastructure. The solution proved effective in monitoring network traffic, detecting exploitation attempts against web servers, monitoring SSH access, and detecting malicious files. In addition to the practical implementation, the work also compiled a set of recommendations and best practices aimed at continuously improving the security posture of the Department and, more broadly, the Faculty. This work can therefore serve as a reference for other organizations wishing to adopt a free SIEM solution to strengthen their security posture.
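The abstract mentions three pieces of the SIEM work without showing them: custom normalization (decoder) rules, correlation rules, and active response, exercised against SSH access monitoring. The script below is an added illustration written for this page, not code from the thesis and not the rule syntax of Wazuh or OSSIM. It mirrors the decoder -> rule -> response pipeline in plain Python: a decoder normalizes raw sshd syslog lines into events, a correlation rule raises an alert when one source IP produces a configurable number of failures inside a sliding window, and the "active response" is a simulated firewall block list. The log lines, host name, IP addresses, threshold and window are all constructed for the example.

```python
"""Minimal SIEM pipeline over sshd logs: decode -> correlate -> respond.

Illustration of the decoder/rule/active-response model that SIEMs such as
Wazuh and OSSIM use; it is NOT their rule language and not the thesis code.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Decoder for the syslog envelope that OpenSSH's sshd writes.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<msg>.*)$")
# Child decoders for the two outcomes we care about.
FAILED_RE = re.compile(
    r"^Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<srcip>\S+) port \d+")
ACCEPTED_RE = re.compile(
    r"^Accepted (?:password|publickey) for (?P<user>\S+) from (?P<srcip>\S+) port \d+")

# Constructed sample input (hypothetical host "lab01", documentation-range IPs).
SAMPLE_LOGS = [
    "Mar 14 10:00:01 lab01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar 14 10:00:03 lab01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2",
    "Mar 14 10:00:05 lab01 sshd[2104]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "Mar 14 10:00:07 lab01 sshd[2104]: pam_unix(sshd:auth): authentication failure; logname= uid=0",
    "Mar 14 10:00:09 lab01 sshd[2106]: Failed password for root from 203.0.113.7 port 51026 ssh2",
    "Mar 14 10:00:11 lab01 sshd[2108]: Failed password for root from 203.0.113.7 port 51027 ssh2",
    "Mar 14 10:01:00 lab01 sshd[2110]: Failed password for alice from 198.51.100.4 port 40100 ssh2",
    "Mar 14 10:06:30 lab01 sshd[2112]: Failed password for alice from 198.51.100.4 port 40101 ssh2",
    "Mar 14 10:07:10 lab01 sshd[2114]: Accepted password for alice from 198.51.100.4 port 40102 ssh2",
    "Mar 14 10:07:30 lab01 sshd[2115]: Accepted publickey for bob from 192.0.2.10 port 50200 ssh2: ED25519 SHA256:abc",
]


def decode(line):
    """Normalize one raw line into an event dict, or None if it is not an sshd auth event."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year-less syslog stamp
    msg = m.group("msg")
    for outcome, rx in (("failure", FAILED_RE), ("success", ACCEPTED_RE)):
        a = rx.match(msg)
        if a:
            return {"ts": ts, "host": m.group("host"), "outcome": outcome,
                    "user": a.group("user"), "srcip": a.group("srcip")}
    return None  # e.g. pam_unix noise: a real decoder chain would try other decoders


class Correlator:
    """Rule: >= threshold failures from one source IP within `window` seconds
    raises an alert and blocks the IP (simulated firewall-drop active response).
    A success from an IP that still has recent failures is flagged for review."""

    def __init__(self, threshold=5, window=120):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # srcip -> timestamps of recent failures
        self.blocked = set()                # simulated active-response block list
        self.alerts = []                    # (rule, srcip, timestamp)

    def ingest(self, ev):
        ip, ts = ev["srcip"], ev["ts"]
        q = self.failures[ip]
        if ev["outcome"] == "failure":
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > self.window:
                q.popleft()  # drop failures that fell out of the sliding window
            if len(q) >= self.threshold:
                self.alerts.append(("ssh-bruteforce", ip, ts))
                self.blocked.add(ip)
                q.clear()
        elif q:  # success after unexpired failures from the same source
            self.alerts.append(("ssh-success-after-failures", ip, ts))
            q.clear()


def run(lines, threshold=5, window=120):
    """Feed raw lines through decoder and correlator; return a summary."""
    corr = Correlator(threshold, window)
    events = 0
    for line in lines:
        ev = decode(line)
        if ev is None:
            continue
        events += 1
        corr.ingest(ev)
    return {"events": events, "alerts": corr.alerts, "blocked": corr.blocked}


if __name__ == "__main__":
    for rule, ip, ts in run(SAMPLE_LOGS)["alerts"]:
        print(f"{ts:%H:%M:%S} {rule:28s} {ip}")
```

With the sample input, 203.0.113.7 reaches five failures in ten seconds and is blocked, while 198.51.100.4 never crosses the threshold because its two failures are more than 120 s apart; its later successful login is still flagged, which is the kind of low-volume signal a pure threshold rule would miss. In a production deployment the block list would be enforced by the host firewall and the thresholds tuned against the institution's own baseline of legitimate failed logins.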
Description
Master's thesis, Information Security, 2025, Universidade de Lisboa, Faculdade de Ciências
Keywords
SIEM; OSSIM; Wazuh; Monitoring; Educational Institution
