Security monitoring tool system using threat intelligence vs threat hunting
This project is about developing a Security Monitoring Tool System using Graylog SIEM (Security Information Event Management) with a combination of Threat Intelligence and an expected outcome for Threat Hunting results. This is built in accordance to specific ruleset been made for threat hunting...
Saved in:
| Main Author: | |
|---|---|
| Format: | Monograph |
| Published: |
Open University Malaysia
2021
|
| Subjects: | |
| Online Access: | http://library.oum.edu.my/repository/1435/1/library-document-1435.pdf http://library.oum.edu.my/repository/1435/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.oum.1435 |
|---|---|
| record_format |
eprints |
| spelling |
my.oum.14352022-06-30T03:34:41Z Security monitoring tool system using threat intelligence vs threat hunting Wan Ikbal Ismat Wan Kamal, QA75 Electronic computers. Computer science This project is about developing a Security Monitoring Tool System using Graylog SIEM (Security Information Event Management) with a combination of Threat Intelligence and an expected outcome for Threat Hunting results. This is built in accordance to specific ruleset been made for threat hunting purposes with an automation of logs from Windows endpoint host and Network activity. A datasets of Threat Intelligence enrichment will be integrated to the provided platform which is Graylog. Main objective is to ensure Security Analyst or Network Analyst to have a look at any suspicious behavior of attacks by hackers and act to it in a timely manner. Most organizations normally ingesting network and endpoint logs to the SIEM tools and integrating with some commercial tools to detect or trigger anomalies and directly send them notifications via email or 3rd party channel like Slack channel. Bear in mind that, the commercial tools is highly expensive and not really cost effective, however with this development definitely will help them to deploy the same approach with very limited budget or could be at zero cost for small medium enterprise but for big enterprise it will only cost $1500 at fixed price which considered as cheaper than the other tools. There are many developments out there whereby they are using wellknown open-source IDS like Suricata and open source SIEM like elastic stack comprises of Elasticsearch, Kibana and Logstash. However, in this development, Graylog been used with the usage of Elasticsearch and MongoDB as a database server and to store, search and analyze huge volumes of data ingested. Generally, the Graylog is introduced as a powerful logging tool with a simple user-friendly interface visualized with Grafana as well as offering minimal effort to configure with very low maintenance. Due to that, creating a ruleset for Threat Hunting and Threat Intelligence enrichment, it will be much easier to configure and straight forward to compare with other competitors in the market. (Abstract by author) Open University Malaysia 2021 Monograph NonPeerReviewed text http://library.oum.edu.my/repository/1435/1/library-document-1435.pdf Wan Ikbal Ismat Wan Kamal, (2021) Security monitoring tool system using threat intelligence vs threat hunting. Project Report. Open University Malaysia. (Submitted) http://library.oum.edu.my/repository/1435/ |
| institution |
Open University Malaysia |
| building |
OUM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Open University Malaysia |
| content_source |
OUM Knowledge Repository |
| url_provider |
http://library.oum.edu.my/repository/ |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science Wan Ikbal Ismat Wan Kamal, Security monitoring tool system using threat intelligence vs threat hunting |
| description |
This project is about developing a Security Monitoring Tool System using Graylog
SIEM (Security Information Event Management) with a combination of Threat
Intelligence and an expected outcome for Threat Hunting results. This is built in
accordance to specific ruleset been made for threat hunting purposes with an
automation of logs from Windows endpoint host and Network activity. A datasets of
Threat Intelligence enrichment will be integrated to the provided platform which is
Graylog. Main objective is to ensure Security Analyst or Network Analyst to have a
look at any suspicious behavior of attacks by hackers and act to it in a timely manner.
Most organizations normally ingesting network and endpoint logs to the SIEM tools
and integrating with some commercial tools to detect or trigger anomalies and directly
send them notifications via email or 3rd party channel like Slack channel. Bear in mind
that, the commercial tools is highly expensive and not really cost effective, however
with this development definitely will help them to deploy the same approach with very
limited budget or could be at zero cost for small medium enterprise but for big
enterprise it will only cost $1500 at fixed price which considered as cheaper than the
other tools. There are many developments out there whereby they are using wellknown open-source IDS like Suricata and open source SIEM like elastic stack
comprises of Elasticsearch, Kibana and Logstash. However, in this development,
Graylog been used with the usage of Elasticsearch and MongoDB as a database server
and to store, search and analyze huge volumes of data ingested. Generally, the Graylog
is introduced as a powerful logging tool with a simple user-friendly interface visualized
with Grafana as well as offering minimal effort to configure with very low
maintenance. Due to that, creating a ruleset for Threat Hunting and Threat Intelligence
enrichment, it will be much easier to configure and straight forward to compare with
other competitors in the market. (Abstract by author) |
| format |
Monograph |
| author |
Wan Ikbal Ismat Wan Kamal, |
| author_facet |
Wan Ikbal Ismat Wan Kamal, |
| author_sort |
Wan Ikbal Ismat Wan Kamal, |
| title |
Security monitoring tool system using threat intelligence vs threat hunting |
| title_short |
Security monitoring tool system using threat intelligence vs threat hunting |
| title_full |
Security monitoring tool system using threat intelligence vs threat hunting |
| title_fullStr |
Security monitoring tool system using threat intelligence vs threat hunting |
| title_full_unstemmed |
Security monitoring tool system using threat intelligence vs threat hunting |
| title_sort |
security monitoring tool system using threat intelligence vs threat hunting |
| publisher |
Open University Malaysia |
| publishDate |
2021 |
| url |
http://library.oum.edu.my/repository/1435/1/library-document-1435.pdf http://library.oum.edu.my/repository/1435/ |
| _version_ |
1738513534633902080 |
| score |
13.211869 |