| Summary: | This project develops a Security Monitoring Tool System using the Graylog
SIEM (Security Information and Event Management) platform, combined with Threat
Intelligence and intended to produce Threat Hunting results. It is built around a
specific ruleset written for threat-hunting purposes, with automated collection of logs
from Windows endpoint hosts and network activity. Threat Intelligence enrichment
datasets are integrated into the provided platform, Graylog. The main objective is to
let a Security Analyst or Network Analyst see any suspicious attacker behaviour and
respond to it in a timely manner. Most organizations ingest network and endpoint logs
into SIEM tools and integrate them with commercial tools to detect or trigger anomalies
and send notifications directly via email or a third-party channel such as Slack.
Commercial tools, however, are highly expensive and not very cost-effective; this
development lets organizations deploy the same approach on a very limited budget,
potentially at zero cost for small and medium enterprises, while for a large enterprise
it will cost only $1500 at a fixed price, which is cheaper than the other tools. Many
existing developments use a well-known open-source IDS such as Suricata together with
an open-source SIEM such as the Elastic Stack (Elasticsearch, Kibana and Logstash). In
this development, Graylog is used instead, with Elasticsearch and MongoDB as the
database servers to store, search and analyze the huge volumes of data ingested.
Graylog is generally regarded as a powerful logging tool with a simple, user-friendly
interface, visualized with Grafana, that requires minimal configuration effort and very
low maintenance. As a result, creating a ruleset for Threat Hunting and Threat
Intelligence enrichment is much easier to configure and more straightforward compared
with other competitors in the market. (Abstract by author)
|