Security monitoring tool system using threat intelligence vs threat hunting

Wan Ikbal Ismat Wan Kamal, (2021) Security monitoring tool system using threat intelligence vs threat hunting. Project Report. Open University Malaysia. (Submitted)

[img]
Preview
 Text
library-document-1435.pdf - Submitted Version
Available under License Creative Commons Attribution No Derivatives.
Download (1002Kb) | Preview

Abstract

This project is about developing a Security Monitoring Tool System using Graylog SIEM (Security Information Event Management) with a combination of Threat Intelligence and an expected outcome for Threat Hunting results. This is built in accordance to specific ruleset been made for threat hunting purposes with an automation of logs from Windows endpoint host and Network activity. A datasets of Threat Intelligence enrichment will be integrated to the provided platform which is Graylog. Main objective is to ensure Security Analyst or Network Analyst to have a look at any suspicious behavior of attacks by hackers and act to it in a timely manner. Most organizations normally ingesting network and endpoint logs to the SIEM tools and integrating with some commercial tools to detect or trigger anomalies and directly send them notifications via email or 3rd party channel like Slack channel. Bear in mind that, the commercial tools is highly expensive and not really cost effective, however with this development definitely will help them to deploy the same approach with very limited budget or could be at zero cost for small medium enterprise but for big enterprise it will only cost $1500 at fixed price which considered as cheaper than the other tools. There are many developments out there whereby they are using wellknown open-source IDS like Suricata and open source SIEM like elastic stack comprises of Elasticsearch, Kibana and Logstash. However, in this development, Graylog been used with the usage of Elasticsearch and MongoDB as a database server and to store, search and analyze huge volumes of data ingested. Generally, the Graylog is introduced as a powerful logging tool with a simple user-friendly interface visualized with Grafana as well as offering minimal effort to configure with very low maintenance. Due to that, creating a ruleset for Threat Hunting and Threat Intelligence enrichment, it will be much easier to configure and straight forward to compare with other competitors in the market. (Abstract by author)

Item Type: Monograph (Project Report)
Additional Information: A Final Year Project submitted in fulfilment of the requirements for the degree of Bachelor of Information Technology in Network Computing with Honours (BITN)
Uncontrolled Keywords: Graylog, Threat Intelligence, Threat Hunting, Centralized Log , Project paper , MITN Solution, Security Monitoring Tool , Project paper, Bachelor of Information Technology in Network Computing with Honours (BITN), BITN, Final Year Project Paper
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty of Applied Sciences
Depositing User: Shahril Effendi Ibrahim
Date Deposited: 16 Jun 2022 05:10
Last Modified: 30 Jun 2022 03:34
URI: http://library.oum.edu.my/repository/id/eprint/1435

Actions (login required)

View Item View Item
Open University Malaysia Knowledge Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.