Security Information and Event Management System

Hello, my name is Jamie Hernandez and for my capstone I made a Security Information and Event Management system (SIEM). The purpose of this project is to create a cost-effective solution for viewing events and security alerts. With the increasing volume and complexity of security-related data, organizations require a centralized solution to effectively manage and respond to security incidents.

SIEMs provide real-time threat detection by collecting and analyzing log data from multiple sources, enabling organizations to quickly identify and respond to potential security threats. This project has a web-based dashboard that gives quick and easy access to a few of the major monitoring views, all built on data from Suricata. Suricata is an open-source network intrusion detection and prevention system (IDS/IPS) that inspects network traffic for malicious activity and attacks. With Elasticsearch storing and indexing the events and Kibana visualizing them, the SIEM offers a centralized view of security-related events that can help reduce the workload on security teams.

The ELK stack does well at collecting, processing, and visualizing large volumes of log data, and it scales horizontally by adding nodes to the Elasticsearch cluster. Suricata, for its part, generates a large amount of log data through its EVE output: every event (alerts, flows, DNS and HTTP transactions, statistics, and so on) is written as one JSON object per line into a single file, eve.json by default. For this project the logging is kept simple, since that file grows quickly and some event types produce far more records than a small deployment can comfortably manage.
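The EVE format described above, as an added example that is not code from the capstone project: a small Node.js script that reads newline-delimited EVE JSON, skips a malformed line the way a live sensor's half-written last line would have to be skipped, drops the high-volume flow and stats records, and rolls the alerts up into the counts a dashboard panel would show. The records in SAMPLE_EVE are constructed to follow the EVE alert, flow and dns schema; they were not captured from a real sensor.

```javascript
// Added example (not code from the capstone project): read Suricata EVE output,
// which is newline-delimited JSON (one event object per line), keep only the
// event types a dashboard needs, and summarize the alerts.
// SAMPLE_EVE is constructed to follow the EVE alert/flow/dns schema.
const SAMPLE_EVE = [
  '{"timestamp":"2024-05-01T12:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
  '{"timestamp":"2024-05-01T12:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":512,"bytes_toclient":1024}}',
  '{"timestamp":"2024-05-01T12:00:03.000000+0000","event_type":"dns","src_ip":"10.0.0.7","src_port":53322,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}',
  '{"timestamp":"2024-05-01T12:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51240,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
  '{"timestamp":"2024-05-01T12:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.9","src_port":44444,"dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
  '{"timestamp":"2024-05-01T12:00:06.000000+0000","event_type":"stats","stats":{"uptime":3600}}',
  '{"timestamp":"2024-05-01T12:00:07.000000+0000","event_type":"alert","src_ip":"10.0.0.9",', // truncated: sensor was mid-write
].join('\n');

// Parse one EVE file. Malformed lines (typically a partially written last line
// while Suricata is still running) are counted instead of aborting the load.
function parseEve(text) {
  const events = [];
  let malformed = 0;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '') continue;
    try {
      const ev = JSON.parse(line);
      if (typeof ev !== 'object' || ev === null || typeof ev.event_type !== 'string') {
        throw new Error('not an EVE event');
      }
      events.push(ev);
    } catch (_err) {
      malformed += 1;
    }
  }
  return { events, malformed };
}

// Event types worth indexing for the dashboards. flow and stats records make up
// the bulk of a busy sensor's output and are dropped here.
const DASHBOARD_TYPES = new Set(['alert', 'dns', 'http', 'tls']);

function keepDashboardTypes(events, keep = DASHBOARD_TYPES) {
  return events.filter((ev) => keep.has(ev.event_type));
}

function increment(map, key) {
  map.set(key, (map.get(key) || 0) + 1);
}

// Roll alerts up the way a dashboard panel would: counts per signature, per
// Suricata severity (1 is the most severe), and the noisiest source addresses.
function summarizeAlerts(events) {
  const bySignature = new Map();
  const bySeverity = new Map();
  const bySource = new Map();
  for (const ev of events) {
    if (ev.event_type !== 'alert' || typeof ev.alert !== 'object') continue;
    increment(bySignature, ev.alert.signature);
    increment(bySeverity, ev.alert.severity);
    increment(bySource, ev.src_ip);
  }
  const topSources = [...bySource.entries()]
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]));
  return {
    alertCount: [...bySignature.values()].reduce((sum, n) => sum + n, 0),
    bySignature: Object.fromEntries(bySignature),
    bySeverity: Object.fromEntries(bySeverity),
    topSources,
  };
}

// Run against the constructed sample.
const loaded = parseEve(SAMPLE_EVE);
const forDashboard = keepDashboardTypes(loaded.events);
console.log(`parsed ${loaded.events.length} events, skipped ${loaded.malformed} malformed line(s)`);
console.log(`${forDashboard.length} kept for the dashboards`);
console.log(JSON.stringify(summarizeAlerts(forDashboard), null, 2));
```

On a real sensor the same filtering is better done at the source, by enabling only the wanted event types in the eve-log section of suricata.yaml, so the large flow and stats volume never reaches the shipper at all; the script shows what that selection means in terms of the records.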

With this SIEM, a user can track the traffic on their network through interactive dashboards that let them filter the data charts. Each page displays a separate dataset from a different Beats data shipper. The Beats collect, parse, and ship data to Elasticsearch, and Kibana makes that data easy to read and display.
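The dashboard filtering described above, as an added example that is not code from the capstone project: a builder that turns the filter controls (time window, source address, minimum severity, signature text) into an Elasticsearch query body, next to the shortcut to avoid. The field layout is an assumption: EVE fields indexed under their original names (event_type, src_ip, alert.severity, alert.signature with a .keyword sub-field) with the event time in @timestamp; the real mapping depends on which Beat and module shipped the data.

```javascript
// Added example (not code from the capstone project): translate the dashboard's
// filter controls into an Elasticsearch query body.
// Assumed field layout: EVE fields under their original names (event_type,
// src_ip, alert.severity, alert.signature plus alert.signature.keyword) and
// the event time in @timestamp. Adjust to the index mapping actually in use.

// Structured clauses: every user-supplied value lands inside a term/range/
// match_phrase clause, so it is matched as data and cannot change the query.
function buildAlertQuery({ from, to, srcIp, maxSeverity, signature, size = 50 }) {
  const filter = [
    { term: { event_type: 'alert' } },
    { range: { '@timestamp': { gte: from, lte: to } } },
  ];
  if (srcIp) filter.push({ term: { src_ip: srcIp } });
  // Suricata severities run 1 (highest) to 4 (lowest), so "at least this
  // severe" is a range with an upper bound, not a lower one.
  if (Number.isInteger(maxSeverity)) {
    filter.push({ range: { 'alert.severity': { lte: maxSeverity } } });
  }
  if (signature) filter.push({ match_phrase: { 'alert.signature': signature } });
  return {
    size,
    sort: [{ '@timestamp': { order: 'desc' } }],
    // filter context: no relevance scoring, and Elasticsearch can cache the clauses
    query: { bool: { filter } },
    aggs: {
      per_signature: { terms: { field: 'alert.signature.keyword', size: 10 } },
      over_time: { date_histogram: { field: '@timestamp', fixed_interval: '1h' } },
    },
  };
}

// The shortcut to avoid: interpolating the control's value into a query_string.
// Lucene syntax inside the value (OR, *, field: prefixes) is parsed as query
// syntax, so a user can widen the search to every alert in the index.
function buildAlertQueryUnsafe({ signature }) {
  return {
    query: { query_string: { query: `event_type:alert AND alert.signature:"${signature}"` } },
  };
}

// Demonstrate the difference on a hostile control value (constructed input).
const hostile = 'x" OR alert.signature:*';
const safeBody = buildAlertQuery({ from: 'now-24h', to: 'now', maxSeverity: 2, signature: hostile });
console.log('structured clause:', JSON.stringify(safeBody.query.bool.filter.find((c) => c.match_phrase)));
console.log('query_string:', buildAlertQueryUnsafe({ signature: hostile }).query.query_string.query);
```

The structured body is what the React front end should send, whether it goes to Elasticsearch directly or through a small backend that holds the credentials; the query_string form is only safe when the text is typed by an analyst who is meant to write Lucene syntax, never when it is assembled from form fields.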

With the SIEM running on the home network, Amazon EC2 hosts the React application. Using the Amazon free tier made it cheap and easy to set up a virtual machine that makes the web application remotely accessible, with the added bonus of not needing to tunnel into the home network to use the Kibana interface. The path from that instance back to Elasticsearch on the home network is the one place this design exposes the home network to the internet, so it should be limited to the instance's address and require authentication over TLS rather than an open, unauthenticated port.

This project taught me a lot about networking, API calls, creating user interfaces, and defensive security measures. I gained some experience using EC2 instances and JavaScript and saw the importance of time management. It was a nice introduction to these things while leaving a lot of room to continue learning.