flashomer/SIEM_Enhancement_WEB

SIEM ENHANCEMENT WEB

GRADUATION PROJECT

Security Information and Event Management Enhancement by Leveraging Cyber Security Systems

Ömer YILDIRIM & Veli Karagül

Information security is one of the most important issues of the information age. Protecting information is one of the main responsibilities of individuals, institutions and even governments. For this purpose, a lot of cyber security software is used in critical institutions. Security information and event management (SIEM) software provides organizations with real-time analysis of security alerts generated by applications and network hardware. It works by collecting log and event data generated by an organization's applications, security devices and host systems and bringing it together into a single centralized platform.

This project contains several implementations and enhancement methods with which companies can customize their own SIEM products for their security. Open-source programming languages and products will be used to develop this project, so that any company can do its own configuration on it. The project aims to assist Security Operations Center managers so that they can manage the entire network traffic through the SIEM product. The enhancement part takes open-source threat intelligence services such as Malware Information Sharing Platform (MISP) and Ulusal Siber Olaylara Müdahale Merkezi (USOM) as a reference. If any malicious activity is then detected in the logs by the threat intelligence services, the software developed during this project will create an automatic alert to prevent this malicious activity using the SIEM product's Application Programming Interface (API). This project is only available for SIEM products and threat intelligence services that can be managed through an API.
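A minimal sketch of the correlation step described above, added here as an illustration and not taken from the project's code: it merges indicators from two feeds, matches them against firewall/proxy log lines and builds the alert records that would be sent to the SIEM API. The feed shapes, the log format and the alert fields are assumptions, and all sample values are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample data (documentation-reserved addresses and names, not real indicators).
MISP_ATTRIBUTES = [  # assumed shape: MISP-style attributes with "type" and "value"
    {"type": "ip-dst", "value": "203.0.113.7"},
    {"type": "domain", "value": "Bad.Example"},
    {"type": "sha256", "value": "00" * 32},  # skipped: not a network indicator
]
USOM_LINES = ["http://phish.example/login.php", "198.51.100.23", "# comment", ""]
LOG_LINES = [  # assumed key=value log format
    "2024-05-01T10:00:01Z fw01 ALLOW src=10.0.0.5 dst=203.0.113.7 host=-",
    "2024-05-01T10:00:02Z proxy01 ALLOW src=10.0.0.9 dst=192.0.2.10 host=cdn.phish.example",
    "2024-05-01T10:00:03Z fw01 ALLOW src=10.0.0.5 dst=192.0.2.44 host=intranet.example",
]

def normalize(value):
    """Return ('ip' | 'domain', canonical value), or None for blanks and comments."""
    value = value.strip().lower()
    host = urlsplit(value).hostname if "://" in value else value.split("/")[0]
    if not host or host.startswith("#"):
        return None
    try:
        return ("ip", str(ipaddress.ip_address(host)))
    except ValueError:
        return ("domain", host.rstrip("."))

def build_indicators(misp_attrs, usom_lines):
    """Merge both feeds into {(kind, value): set of feed names}."""
    wanted = {"ip-src", "ip-dst", "domain", "hostname", "url"}
    feed = [("MISP", a["value"]) for a in misp_attrs if a["type"] in wanted]
    feed += [("USOM", line) for line in usom_lines]
    merged = {}
    for source, raw in feed:
        key = normalize(raw)
        if key:
            merged.setdefault(key, set()).add(source)
    return merged

def match_line(line, indicators):
    """Return alert records (hypothetical SIEM API payloads) for one log line."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    labels = fields.get("host", "").lower().rstrip(".").split(".")
    candidates = [("ip", fields.get(name)) for name in ("src", "dst")]
    # Check the host and each parent domain, so cdn.phish.example hits phish.example.
    candidates += [("domain", ".".join(labels[i:])) for i in range(len(labels) - 1)]
    return [{"kind": k[0], "indicator": k[1], "sources": sorted(indicators[k]), "log": line}
            for k in candidates if k in indicators]

def correlate(lines, indicators):
    return [alert for line in lines for alert in match_line(line, indicators)]
```

Matching on parent domains catches subdomains of a listed domain, and keeping the feed names in each alert lets an analyst see which service flagged the indicator.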

  • SIEM
  • CTI
  • XAMPP
  • MySQL
  • Apache
  • Firewall

Features

  • CTI services information is collected in one place
  • System health can be seen, such as SIEM and connection health
  • Connections can be updated, deleted and monitored by admins
  • In monitoring, scanned data can be seen in a graphical interface.
  • Users can be created in the accounts tab. Admins can create, update and assign roles to users.
  • The top 10 countries can be seen, to block by country
  • In the reports tab, all scanned data can be seen as a report. Reports can be generated as PDF or Excel.

Tech

This project uses a number of open source projects to work properly:

  • [Html] - HTML enhanced for web apps!
  • [Javascript] - scripting for the web pages
  • [Css] - used to style an HTML document.
  • [Twitter Bootstrap] - great UI boilerplate for modern web apps
  • [PHP] - popular general-purpose scripting language that is especially suited to web development.
  • [XAMPP] - Apache web server, MySQL database
  • [Firewall] - Windows Firewall
  • [VMware] - virtualization tech for labs
  • [jQuery] - duh

How to Run

  • Install XAMPP and make sure that the Apache and MySQL services are working properly.
  • Download the project into the folder %install_dir_for_xammp/htdocs/
  • Then open the project in a browser by typing the URL
  • localhost:apacheServerPort/SIEM_Enhancement/index.php

Here you go ...
