Accession Number:

AD1065276

Title:

Siem-Enabled Cyber Event Correlation (What And How)

Descriptive Note:

Technical Report

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA MONTEREY United States

Personal Author(s):

Report Date:

2018-09-01

Pagination or Media Count:

133.0

Abstract:

This capstone evaluates the capabilities and potential usefulness of a Security Information and Event Management SIEM system in the detection of malicious network activities. The emphasis of this project was to select and configure a Free and Open Source SIEM FOSS to perform automated detection and alerting of malicious network events, based upon predefined indicators of compromise. To test these functionalities, a virtual lab network consisting of a combination of Windows servers and Windows and Linux workstations was built to provide a proof of concept environment for testing the chosen FOSS SIEM. From within the lab network, a series of malicious cyber actions were executed to evaluate how well our configured FOSS solution detected and reported them. As SIEM solutions are increasingly deployed to help automate cyber defense, we hope this study motivates the adoption of FOSS solutions by organizations that may not be able to afford a commercial solution, orperhapsmay simply prefer the advantages of free and open-source solutions.

Subject Categories:

  • Computer Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE