Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/118586
Title: Deploying the "Zeek IDS" tool and subsequently using it to analyse suspicious network activity
Author: Paulo Carvalho, Adelino Manuel
Director: Rifà-Pous, Helena
Tutor: Guaita Pérez, Borja
Abstract: The purpose of this work is to deploy a system for detecting intrusions and other anomalous events on the network. The objective is to detect anomalies in real time but also to have a database of historical information for the investigation of attacks, intrusions, and their consequences and severity. Zeek-IDS is deployed as a network traffic capture sensor and Elasticsearch as an information database, and this combination has shown enormous potential and versatility. On the one hand, passive capture of information from network protocols is achieved and, thus, without impact on operations; on the other, its storage is ensured in a scalable and flexible system that allows access to information in real time, its processing and analysis, but also access to machine learning algorithms for unattended anomaly detection. Today, continuous event management has replaced yesterday's incident response analysis, and the solution deployed, using Kibana and Elastic SIEM, provides the interface, tools and functionalities necessary for monitoring network activity and incident management. The configuration of detection rules and also of ElastAlert, as a notification system, has created an optimal environment for autonomous network monitoring with integrated management of incident investigation.
Keywords: Zeek; SIEM; IDS
Document type: info:eu-repo/semantics/masterThesis
Issue Date: 1-Jun-2020
Publication license: http://creativecommons.org/licenses/by-nc-nd/3.0/es/
Appears in Collections: Final degree projects, research papers, etc.

Files in This Item:
File: apauloTFM0620memoria.pdf
Description: TFM report (Memoria del TFM)
Size: 7,14 MB
Format: Adobe PDF