dc.contributor.author: Kimathi, Collins Chandi
dc.date.accessioned: 2017-11-20T09:29:02Z
dc.date.available: 2017-11-20T09:29:02Z
dc.date.issued: 2017
dc.identifier.uri: http://hdl.handle.net/11071/5615
dc.description: Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University
dc.description.abstract: The rise in cyber attacks against organisations and government agencies has created a need to improve the security and monitoring of Information Technology assets. Analysis and monitoring of security events is one of the key areas in detecting and preventing security compromises in any organisation. While intrusion detection and prevention are often used to measure security management in an organisation, they bring challenges of false positives, false negatives and information overload for the analysts tasked with monitoring. This work proposes to deliver an event collection and analysis system to monitor the security of Information Technology assets running Windows Operating Systems, a centralised log management tool, and dashboards to monitor analysed events in real time for security alarms. The system involves an agent that collects security and other events from Windows Operating Systems and sends them in a readable JSON format to the processing server for analysis and subsequent visualisation of security events of interest, while security alarms such as brute-force attacks are identified and escalated to the security analysts. Testing was carried out by generating the desired security events from a Windows 10 virtual machine, which were captured by the designed system.
dc.language.iso: en
dc.publisher: Strathmore University
dc.subject: Log Analysis
dc.subject: Threat Detection
dc.subject: Application Log
dc.subject: Knowledge Discovery
dc.subject: Anomaly Detection
dc.subject: Elasticsearch
dc.title: A Platform for monitoring of security and audit events: a test case with Windows systems
dc.type: Thesis