SIEM-ENABLED CYBER EVENT CORRELATION (WHAT AND HOW)
Myers, Kurt J.
Christopher, Fidel E.
Fulp, John D.
This capstone evaluates the capabilities and potential usefulness of a Security Information and Event Management (SIEM) system for detecting malicious network activity. The emphasis of the project was to select and configure a free and open-source software (FOSS) SIEM to perform automated detection and alerting of malicious network events based on predefined indicators of compromise. To test these functions, a virtual lab network consisting of Windows servers and Windows and Linux workstations was built as a proof-of-concept environment for the chosen FOSS SIEM. From within the lab network, a series of malicious cyber actions was executed to evaluate how well the configured FOSS solution detected and reported them. As SIEM solutions are increasingly deployed to help automate cyber defense, we hope this study motivates the adoption of FOSS solutions by organizations that cannot afford a commercial product, or that may simply prefer the advantages of free and open-source software.
Approved for public release; distribution is unlimited.
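The detection-and-alerting loop the abstract describes (normalise events from Windows and Linux hosts, then match them against predefined indicators and a correlation rule) reduced to a runnable sketch. This is an added example, not code from the capstone or from any SIEM product: the flattened Windows export format, the indicator list, the host names and the thresholds are constructed for illustration; Event IDs 4625 and 4624 are the real Windows failed- and successful-logon IDs, and the sshd lines follow the usual syslog format.

```python
"""SIEM-style normalisation and correlation over constructed log lines.

Added example, not the capstone's code.  The Windows-style line format, the
indicator list, host names and thresholds are assumptions; 4624/4625 are the
real Windows successful/failed-logon Event IDs and the sshd lines follow the
standard syslog format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed indicator of compromise: a source address the defender treats as hostile.
IOC_IPS = {"203.0.113.7"}

# Assumed flattened export format for Windows Security logon events.
WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<id>\d+) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)$")
# Standard sshd password-authentication lines as written to syslog.
SSH_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
                    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_windows(line):
    """Normalise a Windows logon event; returns None for lines this parser does not handle."""
    m = WIN_RE.match(line)
    if not m:
        return None
    outcome = {"4625": "fail", "4624": "success"}.get(m["id"])
    if outcome is None:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "user": m["user"], "src": m["src"], "outcome": outcome}


def parse_sshd(line, year=2016):
    """Normalise an sshd auth line; syslog carries no year, so one is assumed."""
    m = SSH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"], "src": m["src"],
            "outcome": "fail" if m["result"] == "Failed" else "success"}


def ingest(lines):
    """Run every parser over every line and keep whatever normalises, in time order."""
    events = []
    for line in lines:
        for parser in (parse_windows, parse_sshd):
            ev = parser(line)
            if ev:
                events.append(ev)
                break
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, ioc_ips=IOC_IPS, threshold=3, window_s=60):
    """Two rules: IOC match on source IP, and a burst of failed logons
    (optionally followed by a success from the same source)."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failed logons still inside the window
    for e in events:
        if e["src"] in ioc_ips:
            alerts.append(("ioc_match", e["src"], e["host"], e["user"]))
        recent = [t for t in failures[e["src"]] if (e["ts"] - t).total_seconds() <= window_s]
        if e["outcome"] == "fail":
            recent.append(e["ts"])
            if len(recent) == threshold:  # fire once, when the burst crosses the threshold
                alerts.append(("brute_force", e["src"], e["host"], e["user"]))
        elif len(recent) >= threshold:    # success right after a burst: likely guessed credential
            alerts.append(("brute_force_success", e["src"], e["host"], e["user"]))
        failures[e["src"]] = recent
    return alerts


# Constructed sample log lines: a password-guessing burst against WS01 from an
# internal host, one probe from the IOC address against srv01, and benign logons.
SAMPLE_LOG = """\
2016-03-01T10:00:01 WS01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.5
2016-03-01T10:00:08 WS01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.5
2016-03-01T10:00:15 WS01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.5
2016-03-01T10:00:20 WS01 EventID=4624 TargetUserName=alice IpAddress=10.0.0.5
2016-03-01T10:05:00 WS01 EventID=4624 TargetUserName=bob IpAddress=10.0.0.5
Mar  1 10:02:30 srv01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  1 10:03:00 srv01 sshd[2212]: Accepted password for carol from 10.0.0.12 port 50000 ssh2
""".splitlines()


def run_demo():
    """Ingest the constructed lines and return the alerts the two rules raise."""
    return correlate(ingest(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The last Windows line (a success from 10.0.0.5 at 10:05:00) raises nothing because the earlier failures have aged out of the 60-second window; that is the sliding-window behaviour a correlation rule needs so that a long-ago burst does not taint every later logon from the same address.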
Related items (by title, author, creator and subject):
Sellers, Kristin R. (Monterey, California: Naval Postgraduate School, 2016-09); Computer systems continue to be at risk of attack by malicious software that is attached to email. Email has been determined to be the cause of 80% of computer virus infections. Millions of dollars are lost yearly due to ...
Irvine, Cynthia E. (ITEA Journal, 2000-06); Computer security addresses the problem of enforcement of security policies in the presence of malicious users and software. Systems enforcing mandatory policies can create confinement domains that limit the damage incurred ...
Ginn, Robert C. (Monterey, California: Naval Postgraduate School, 2011-09); A software assurance framework for mitigating the risks of malicious software in embedded systems used in aircraft: ... techniques that can be used to detect malicious code in individual aircraft Weapons Replaceable Assemblies (WRAs)