Publication

Event Correlation in Ciências

File: TM_Nikhil_Tulcidas.pdf
Size: 2.74 MB
Format: Adobe PDF

Abstract

A large number of events are produced and recorded every second in any reasonably sized Information Technology (IT) infrastructure. These events are potentially interesting for security, detailing things such as the domains visited by a given Internet Protocol (IP) address and the payloads that may have been injected into existing fields. However, manually inspecting log file entries to identify suspicious activity is not a viable solution. Instead, tools such as Intrusion Detection Systems (IDSs) are used to automate the analysis and signal potentially malicious activity. One of the most popular open-source IDSs is Snort. Snort alerts provide only IP addresses, ports, and some contextual information. To identify the targeted services and confirm whether anything was affected, the information provided by Snort should be complemented with additional sources to understand what happened. By correlating the information in the alert with other sources, such as the logs of the running services, it is possible to determine what was affected and what caused it, or even to determine the legitimacy of attacks and stop them before they do any harm. In this project, multiple Security Information and Event Management (SIEM) solutions were evaluated. One was selected, configured, and used to analyze and normalize data, allowing multiple events to be correlated to verify a threat's legitimacy and centralizing security data from both the network and the systems in one platform for easy enrichment and visualization. The chosen solution, Wazuh, also served as an Extended Detection and Response (XDR) solution to detect and act on threats in real time, using agents installed on endpoints.
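As an added illustration of the correlation the abstract describes (this is not code from the thesis, nor from Wazuh, whose decoders and rules perform this normalization and matching inside the platform), the following Python script parses Snort "fast" alert lines and Apache combined-format access-log lines, joins them by source IP within a time window, and uses the targeted service's own response status to judge whether the alerted request actually reached the service and succeeded. All log lines are constructed samples; the year supplied for the Snort timestamps (which the fast format omits) and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed Snort "fast" alert lines (sample data, not from the thesis).
# The fast format carries no year, so one is supplied when parsing (assumption).
SNORT_ALERTS = """\
03/14-10:15:02.123456  [**] [1:1000001:1] WEB-ATTACK path traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:51234 -> 10.0.0.5:80
03/14-10:20:40.000100  [**] [1:1000002:1] WEB-ATTACK sql injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.9:40001 -> 10.0.0.5:80
03/14-10:25:11.500000  [**] [1:1000002:1] WEB-ATTACK sql injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.200:4444 -> 10.0.0.5:80
"""

# Constructed Apache combined-format access log from the targeted web server (10.0.0.5).
ACCESS_LOG = """\
198.51.100.23 - - [14/Mar/2024:10:15:02 +0000] "GET /../../etc/passwd HTTP/1.1" 403 199 "-" "curl/8.4.0"
203.0.113.9 - - [14/Mar/2024:10:20:40 +0000] "GET /login?user=admin'-- HTTP/1.1" 200 5120 "-" "sqlmap/1.7"
192.0.2.77 - - [14/Mar/2024:10:21:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

SNORT_RE = re.compile(
    r"^(?P<month>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)


def parse_snort_alerts(text, year):
    """Parse fast-format alert lines into dicts with a UTC timestamp (year assumed)."""
    alerts = []
    for line in text.splitlines():
        m = SNORT_RE.match(line)
        if not m:
            continue  # tolerate unrelated or truncated lines
        ts = datetime.strptime(f"{year}/{m['month']}/{m['day']} {m['time']}",
                               "%Y/%m/%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
        alerts.append({"ts": ts, "sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
                       "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])})
    return alerts


def parse_access_log(text):
    """Parse Apache combined log lines; the %z offset makes the timestamp comparable to UTC."""
    requests = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        requests.append({"ts": ts, "client": m["client"], "method": m["method"],
                         "path": m["path"], "status": int(m["status"]), "agent": m["agent"]})
    return requests


def correlate(alerts, requests, window=timedelta(seconds=5)):
    """Join each alert to the service's own log by source IP and time proximity.

    Verdicts: "confirmed"   the service answered the alerted client with 2xx
              "rejected"    the service saw the request but refused it (4xx/5xx)
              "unconfirmed" the service logged nothing from that client in the window
                            (dropped upstream, a different service, or a false positive)
    """
    findings = []
    for a in alerts:
        hits = [r for r in requests
                if r["client"] == a["src"] and abs(r["ts"] - a["ts"]) <= window]
        if not hits:
            verdict = "unconfirmed"
        elif any(200 <= r["status"] < 300 for r in hits):
            verdict = "confirmed"
        else:
            verdict = "rejected"
        findings.append({"sid": a["sid"], "msg": a["msg"], "src": a["src"],
                         "target": f"{a['dst']}:{a['dport']}", "verdict": verdict,
                         "requests": hits})
    return findings


def run_example():
    """Correlate the constructed samples; returns one finding per Snort alert."""
    alerts = parse_snort_alerts(SNORT_ALERTS, year=2024)
    requests = parse_access_log(ACCESS_LOG)
    return correlate(alerts, requests)


if __name__ == "__main__":
    for f in run_example():
        print(f"sid {f['sid']} {f['msg']!r} from {f['src']} -> {f['target']}: {f['verdict']}")
        for r in f["requests"]:
            print(f"    {r['method']} {r['path']} -> {r['status']} ({r['agent']})")
```

On the sample data the path-traversal alert is marked "rejected" (the server answered 403), the SQL-injection alert from 203.0.113.9 is "confirmed" (a 200 response to a request carrying an sqlmap user agent, which is what an analyst would want to investigate first), and the third alert is "unconfirmed" because the web server never logged a request from that client. The same join on source IP and time is what a SIEM such as Wazuh performs after its decoders normalize both sources into common fields; the point of the example is that the IDS alert alone cannot distinguish these three outcomes.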

Description

Master's project report, Information Security, 2024, Universidade de Lisboa, Faculdade de Ciências

Keywords

Information security; Intrusion detection system; SIEM; Logs; Wazuh; Master's project reports - 2024
