Show simple item record

Field | Value | Language
dc.contributor.advisor | Fulp, John D. |
dc.contributor.advisor | Singh, Gurminder |
dc.contributor.author | Myers, Kurt J. |
dc.contributor.author | Christopher, Fidel E. |
dc.date.accessioned | 2018-10-26T19:22:06Z |
dc.date.available | 2018-10-26T19:22:06Z |
dc.date.issued | 2018-06 |
dc.identifier.uri | https://hdl.handle.net/10945/60443 |
dc.description.abstract | This capstone evaluates the capabilities and potential usefulness of a Security Information and Event Management (SIEM) system in the detection of malicious network activities. The emphasis of this project was to select and configure a free and open-source software (FOSS) SIEM to perform automated detection and alerting of malicious network events based upon predefined indicators of compromise. To test these functionalities, a virtual lab network consisting of a combination of Windows servers and Windows and Linux workstations was built to provide a proof-of-concept environment for testing the chosen FOSS SIEM. From within the lab network, a series of malicious cyber actions were executed to evaluate how well our configured FOSS solution detected and reported them. As SIEM solutions are increasingly deployed to help automate cyber defense, we hope this study motivates the adoption of FOSS solutions by organizations that may not be able to afford a commercial solution, or that may simply prefer the advantages of free and open-source solutions. | en_US
dc.description.uri | http://archive.org/details/siemenabledcyber1094560443 |
dc.publisher | Monterey, CA; Naval Postgraduate School | en_US
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US
dc.title | SIEM-ENABLED CYBER EVENT CORRELATION (WHAT AND HOW) | en_US
dc.type | Thesis | en_US
dc.contributor.department | Information Sciences (IS) |
dc.subject.author | Security Information and Event Management | en_US
dc.subject.author | incident detection | en_US
dc.subject.author | log analysis | en_US
dc.description.recognition | Outstanding Thesis | en_US
dc.description.service | Chief Petty Officer, United States Navy | en_US
dc.description.service | Petty Officer First Class, United States Navy | en_US
etd.thesisdegree.name | Master of Science in Applied Cyber Operations | en_US
etd.thesisdegree.level | Masters | en_US
etd.thesisdegree.discipline | Applied Cyber Operations | en_US
etd.thesisdegree.grantor | Naval Postgraduate School | en_US
dc.identifier.thesisid | 31946 |
dc.description.distributionstatement | Approved for public release; distribution is unlimited. |
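The abstract above describes a SIEM that matches incoming events against predefined indicators of compromise and correlates related events into alerts. The following is an added Python illustration of those two mechanisms; it is not code from the thesis or from the FOSS SIEM it evaluated. A few constructed sshd and Windows Security-log style lines are normalised into one schema, checked against a constructed indicator list, and run through a single correlation rule (three failed logons followed by a successful logon from the same source within five minutes). All hostnames, addresses, account names and the indicator list are made-up sample data.

```python
"""Minimal SIEM-style IOC matching and event correlation (illustrative only)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the thesis lab): Linux sshd lines and a
# Windows Security-log style line, normalised into dicts by parse_event().
SAMPLE_LOG = """\
2018-06-01T10:00:01 ws-linux01 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
2018-06-01T10:00:03 ws-linux01 sshd[1201]: Failed password for root from 203.0.113.7 port 50123 ssh2
2018-06-01T10:00:05 ws-linux01 sshd[1201]: Failed password for root from 203.0.113.7 port 50124 ssh2
2018-06-01T10:00:09 ws-linux01 sshd[1201]: Accepted password for root from 203.0.113.7 port 50125 ssh2
2018-06-01T10:00:12 ws-linux02 sshd[2231]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2018-06-01T10:07:40 srv-win01 EventID=4624 LogonType=3 Account=svc_backup SourceIP=192.0.2.55
"""

# Constructed indicator list standing in for "predefined indicators of compromise".
IOC_IPS = {"192.0.2.55"}

LINUX_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) .*Account=(?P<user>\S+) SourceIP=(?P<ip>\S+)"
)


def parse_event(line):
    """Normalise one raw line into a common schema; return None if unrecognised."""
    m = LINUX_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                "user": m["user"], "ip": m["ip"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    m = WIN_RE.match(line)
    if m:
        # Windows Security log: 4624 = logon succeeded, 4625 = logon failed.
        return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                "user": m["user"], "ip": m["ip"],
                "outcome": "success" if m["eid"] == "4624" else "failure"}
    return None


def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Return alerts as tuples (rule, source_ip, host, user).

    Two rules: a source IP on the IOC list, and at least `threshold` failed
    logons followed by a success from the same source within `window`.
    """
    alerts = []
    failures = defaultdict(list)  # source ip -> timestamps of failed logons
    for line in lines.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # unparsed lines are dropped; a real SIEM would count them
        if ev["ip"] in IOC_IPS:
            alerts.append(("ioc_match", ev["ip"], ev["host"], ev["user"]))
        if ev["outcome"] == "failure":
            failures[ev["ip"]].append(ev["ts"])
            continue
        # Success: only failures inside the window count toward the threshold.
        recent = [t for t in failures[ev["ip"]] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append(("brute_force_success", ev["ip"], ev["host"], ev["user"]))
        failures[ev["ip"]].clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Running the block on the sample lines produces one brute_force_success alert for 203.0.113.7 and one ioc_match alert for 192.0.2.55; the single failure from 198.51.100.4 stays below the threshold and raises nothing. The normalisation step is what makes cross-platform correlation possible: once Linux and Windows logons share one schema, the same rule applies to both.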

