A Platform for monitoring of security and audit events: a test case with windows systems
Date
2017
Authors
Kimathi, Collins Chandi
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
The rise in cyber attacks against organisations and government agencies has created a need for improving security and monitoring of Information Technology assets. Analysis and monitoring of security events are one of the key areas when it comes to detecting and preventing security compromises in any organisation. While intrusion detection and prevention are often used to measure security management in an organisation, there are challenges of false positives, false negatives and information overload to the analysts tasked with monitoring. This work proposes to deliver an event collection and analysis system to monitor the security of Information Technology assets that have Windows Operating Systems, a centralised log management tool and dashboards to monitor analysed events in real-time for security alarms. The system will involve an agent to collect security and events from Windows Operating systems and send the events in a readable JSON format to the processing server for analysis and there after visualisation of various security events of interest. While security alarms such as bruteforce attacks can be identified and escalated to the security analysts. Testing was carried out by generating the desired security events from a Windows 10 virtual machine that were captured by the designed system.
Description
Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University
Keywords
Log Analysis, Threat Detection, Application Log, Knowledge Discovery, Anomaly Detection, Elasticsearch