Please use this identifier to cite or link to this item:

http://hdl.handle.net/10609/118586
Title: Desplegar la herramienta "Zeek IDS" y su posterior explotación para el análisis de actividades sospechosas en la red
Author: Paulo Carvalho, Adelino Manuel
Director: Borja Guaita Perez
Tutor: Helena Rifà Pous
Keywords: Zeek, IDS, SIEM
Issue Date: Jun-2020
Publisher: Universitat Oberta de Catalunya (UOC)
Abstract: The purpose of this work is to deploy a system for detecting intrusions and other anomalous events on the network. The objective is to detect anomalies in real time and also to keep a database of historical information for investigating attacks and intrusions, their consequences and their severity. Zeek-IDS is deployed as the network traffic capture sensor and Elasticsearch as the information database, and this combination has shown enormous potential and versatility. On the one hand, information from network protocols is captured passively and therefore without impact on operations. On the other hand, it is stored in a scalable and flexible system that allows real-time access to the information, its processing and analysis, as well as access to machine learning algorithms for unattended anomaly detection. Today, continuous event management has replaced yesterday's incident response analysis, and the deployed solution, using Kibana and Elastic SIEM, provides the interface, tools and functionality needed to monitor network activity and manage incidents. Configuring detection rules, together with ElastAlert as the notification system, has created an optimal environment for autonomous network monitoring with integrated management of incident investigation.
Language: Spanish
URI: http://hdl.handle.net/10609/118586
Appears in Collections: Bachelor thesis, research projects, etc.

Files in This Item:
File | Description | Size | Format
apaulo+TFM+062020.pdf | | 7.27 MB | Adobe PDF

This item is licensed under a Creative Commons License.