Authors: Nenova, M. V., Iliev, G. L., Hristov M., Avresky D.
Title: Integration of Splunk Enterprise SIEM for DDoS Attack Detection in IoT
Keywords: SIEM, real-time alert, OSINT, IoT

Abstract: Nowadays, Security Information and Event Management (SIEM) is a common element of the security stack of every large and medium-sized company. The SIEM is becoming a vital part of the defense strategy along with firewalls, network Intrusion Prevention System / Intrusion Detection System (IPS/IDS), web/mail security appliances, and Antivirus (AV) solutions. Therefore, this paper aims to propose a solution for improving the security posture of an organization by implementing Splunk Enterprise SIEM. Monitoring various systems in real time can be a challenge for the security analysts in the Security Operations Center (SOC). With the use of Splunk, all relevant logs are collected and stored in one instance, which allows the design of a "single pane of glass" solution. To illustrate the capabilities of the Splunk Enterprise SIEM, the proposed solution has four real-time alerts for the detection of different cases of suspicious and/or malicious activity. One of them is specifically designed

References

    Issue

    2021 IEEE 20th International Symposium on Network Computing and Applications (NCA), 2021, United States, IEEE, DOI 10.1109/NCA53618.2021.9685977

    Copyright IEEE

    Citations:
    1. M. Selvaganesh, P. Naveen Karthi, V. A. Nitish Kumar and S. R. Prashanna Moorthy, "Efficient Brute-force handling methodology using Indexed-Cluster Architecture of Splunk," 2022 International Conference on Electronics and Renewable Systems (ICEARS), 2022, pp. 697-701, doi: 10.1109/ICEARS53579.2022.9752323 - 2022 - in publications indexed in Scopus or Web of Science
    2. Adabi Raihan Muhammad, Parman Sukarno, Aulia Arif Wardana, "Integrated Security Information and Event Management (SIEM) with Intrusion Detection System (IDS) for Live Analysis based on Machine Learning," Procedia Computer Science, Volume 217, 2023, pp. 1406-1415, ISSN 1877-0509, https://doi.org/10.1016/j.procs.2022.12.339 - 2023 - in publications indexed in Scopus or Web of Science
    3. Zahid, H.; Hina, S.; Hayat, M.F.; Shah, G.A., "Agentless Approach for Security Information and Event Management in Industrial IoT," Electronics 2023, 12, 1831, https://doi.org/10.3390/electronics12081831 - 2023 - in publications indexed in Scopus or Web of Science
    4. A. Polozhentsev, S. Gnatyuk, R. Berdibayev, V. Sydorenko and O. Zhyharevych, "Novel Cyber Incident Management System for 5G-based Critical Infrastructures," 2023 IEEE 12th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Dortmund, Germany, 2023, pp. 1037-1041, doi: 10.1109/IDAACS58523.2023.10348645 - 2023 - in publications indexed in Scopus or Web of Science
    5. Brison, R., Wimmer, H., Rebman, C.M., "Botnet intrusion detection: A modern architecture to defend a virtual private cloud," Issues in Information Systems, Volume 23, Issue 3, pp. 114-127, 2022, doi: https://doi.org/10.48009/3_iis_2022_110 - 2022 - in publications indexed in Scopus or Web of Science

    Type: publication in an international forum, publication in a refereed edition, indexed in Scopus