SIEM-ENABLED CYBER EVENT CORRELATION (WHAT AND HOW)
dc.contributor.advisor | Fulp, John D. | |
dc.contributor.advisor | Singh, Gurminder | |
dc.contributor.author | Myers, Kurt J. | |
dc.contributor.author | Christopher, Fidel E. | |
dc.date.accessioned | 2018-10-26T19:22:06Z | |
dc.date.available | 2018-10-26T19:22:06Z | |
dc.date.issued | 2018-06 | |
dc.identifier.uri | https://hdl.handle.net/10945/60443 | |
dc.description.abstract | This capstone evaluates the capabilities and potential usefulness of a Security Information and Event Management (SIEM) system in the detection of malicious network activities. The emphasis of this project was to select and configure a Free and Open Source SIEM (FOSS) to perform automated detection and alerting of malicious network events based upon predefined indicators of compromise. To test these functionalities, a virtual lab network consisting of a combination of Windows servers and Windows and Linux workstations was built to provide a proof-of-concept environment for testing the chosen FOSS SIEM. From within the lab network, a series of malicious cyber actions were executed to evaluate how well our configured FOSS solution detected and reported them. As SIEM solutions are increasingly deployed to help automate cyber defense, we hope this study motivates the adoption of FOSS solutions by organizations that may not be able to afford a commercial solution, or—perhaps— may simply prefer the advantages of free and open-source solutions. | en_US |
dc.description.uri | http://archive.org/details/siemenabledcyber1094560443 | |
dc.publisher | Monterey, CA; Naval Postgraduate School | en_US |
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
dc.title | SIEM-ENABLED CYBER EVENT CORRELATION (WHAT AND HOW) | en_US |
dc.type | Thesis | en_US |
dc.contributor.department | Information Sciences (IS) | |
dc.contributor.department | Information Sciences (IS) | |
dc.subject.author | Security Information and Event Management | en_US |
dc.subject.author | incident detection | en_US |
dc.subject.author | log analysis | en_US |
dc.description.recognition | Outstanding Thesis | en_US |
dc.description.service | Chief Petty Officer, United States Navy | en_US |
dc.description.service | Petty Officer First Class, United States Navy | en_US |
etd.thesisdegree.name | Master of Science in Applied Cyber Operations | en_US |
etd.thesisdegree.name | Master of Science in Applied Cyber Operations | en_US |
etd.thesisdegree.level | Masters | en_US |
etd.thesisdegree.level | Masters | en_US |
etd.thesisdegree.discipline | Applied Cyber Operations | en_US |
etd.thesisdegree.discipline | Applied Cyber Operations | en_US |
etd.thesisdegree.grantor | Naval Postgraduate School | en_US |
dc.identifier.thesisid | 31946 | |
dc.description.distributionstatement | Approved for public release; distribution is unlimited. |
Files in this item
This item appears in the following Collection(s)
-
1. Thesis and Dissertation Collection, all items
Publicly releasable NPS Theses, Dissertations, MBA Professional Reports, Joint Applied Projects, Systems Engineering Project Reports and other NPS degree-earning written works. -
2. NPS Outstanding Theses and Dissertations