DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click
HERE to register or log in.
Accession Number:
AD1039923
Title:
Generating Artificial Snort Alerts and Implementing SELK: The Snort-Elasticsearch-Logstash-Kibana Stack
Corporate Author:
US Army Research Laboratory Adelphi United States
Report Date:
2017-09-01
Abstract:
This report details the development of an artificial Snort alert generator and the configuration of a Snort-Elasticsearch-Logstash-Kibana SELK stack for parsing, storing, visualizing, and analyzing Snort alerts. The first section covers the Snort alert-generation program, the methodology involved in developing it, and how it accelerates Snort-related research. The second section covers the development of configuration files and the pipeline for the SELK stack, followed by its deployment and uses. We develop the program, genalerts.py, which takes in a Snort rules file and generates artificial Snort alerts with a specified priority distribution for outputting high, medium, low, and very low alerts based on Snorts classifications. We construct the ELK pipeline, using Logstash to parse and organize Snort alerts. These generated alerts head this pipeline to create the SELK stack. To enable rapid deployment, we implement this system in a lightweight Lubuntu virtual machine that can be imported and used with VirtualBox or VMware. In addition, we provide an instructional guide on system setup. The methodologies described can be translated to the setup and use of the ELK stack for storing and visualizing any data.
Descriptive Note:
Technical Report,01 Jun 2016,12 Aug 2016
Pages:
0036
Distribution Statement:
Approved For Public Release;
File Size:
1.02MB
