Title: Security analytics with Elastic
Author: Mateos Martinez, Eduard
Director: Rifà Pous, Helena
Tutor: Canto Rodrigo, Pau del
Keywords: Elastic; machine learning
Issue Date: 2-Jun-2020
Publisher: Universitat Oberta de Catalunya (UOC)
Abstract: Cyberattacks take many forms, and information systems are often distributed. In many cases these criminal behaviours leave traces in the logs of the affected systems, so those logs need to be identified, monitored and reviewed. However, the volume of logs that can be generated makes this task very difficult. Collecting logs from different sources and processing them together reveals traceable flows and actions that are not obvious when each log is reviewed in isolation. Carrying out this monitoring is not trivial, and a utility or tool is needed to centralize this information and process it. In this project, the ElasticSearch Stack is used to centralize all of this information. ElasticSearch offers different products for storing and searching information, and ElasticSearch SIEM has recently been published: a new feature that allows different anomalies to be detected. I have planned several pilot scenarios to evaluate this product. They contain the most common technologies that can be present in an organization. By simulating different attacks, we generate data, load it into ElasticSearch and use the SIEM functionality to discover anomalies. Given the popularity of cloud computing in business, the second scenario is based on a real case that uses Amazon Web Services on a production system. The last scenario is based on the Machine Learning features, which belong to the premium tier of ElasticSearch, and uses them to process the logs obtained in the previous scenarios.
Language: Catalan
Appears in Collections: Bachelor thesis, research projects, etc.

Files in This Item:
File: emateosmartinezTFM0620memòria.pdf
Description: Master's thesis report (Memòria del TFM)
Size: 17.13 MB
Format: Adobe PDF

This item is licensed under a Creative Commons License.