Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/118106
Title: Deploying the "Zeek IDS" tool and using it to analyse suspicious network activity (original title: Desplegar la herramienta "Zeek IDS" y su posterior explotación para el análisis de actividades sospechosas en la red)
Author: Pérez Cotillas, Álvaro
Director: Rifà-Pous, Helena
Tutor: Guaita Pérez, Borja
Abstract: The purpose of this project is to deploy the Zeek IDS for the analysis of security anomalies in network traffic and to integrate it with the ELK stack (Elasticsearch, Logstash and Kibana), which receives the detections made by the intrusion detection system and stores, indexes and visualises that data. Once both technologies are integrated in the prepared working environment, the aim is to add an alerting system that generates a notification whenever the data produced by Zeek IDS shows a connection to a known malicious botnet site. Beyond Zeek's own functionality, MITRE's BZAR project (Bro/Zeek ATT&CK-based Analytics and Reporting) has been integrated, extending the information in Zeek's detections with the ATT&CK categorisation of the detected attack technique. All of this was achieved through a working methodology of product research followed by putting the knowledge acquired into practice. Finally, the conclusions are very positive, both for the degree of learning obtained in this project and for the usefulness of the solution developed, which could be applied in real environments such as small and medium-sized enterprises that wish to add an extra layer of security.
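The alerting step the abstract describes, matching Zeek's output against a list of botnet indicators, is shown below as an added example; it is not code from the thesis or from the Zeek or Elastic projects. The log lines and the indicator list are constructed for illustration (the `.invalid` domains and the RFC 5737 addresses are hypothetical, not real threat intelligence). The field names follow Zeek's conn.log and dns.log as written with `LogAscii::use_json=T`; the `_path` field that names the source log is an assumption here (it is added by the json-streaming-logs package or by the log shipper, not by stock Zeek).

```python
"""Match Zeek JSON log lines against a botnet indicator list and emit alerts.

Added example, not the thesis's own code. Logs and indicators are constructed.
"""
import ipaddress
import json

# Constructed indicators: hypothetical C2 addresses and domains, not real intel.
BOTNET_INDICATORS = {
    "ip": {"198.51.100.23", "203.0.113.77"},
    "domain": {"c2.example-botnet.invalid", "update.example-malware.invalid"},
}

# Constructed Zeek records, one JSON object per line as a shipper would forward them.
# "_path" is assumed to be present (json-streaming-logs package or shipper-added).
SAMPLE_LOGS = """\
{"ts":1590000000.1,"uid":"CjZ1","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp","service":"ssl","_path":"conn"}
{"ts":1590000001.2,"uid":"CjZ2","id.orig_h":"10.0.0.7","id.orig_p":51001,"id.resp_h":"198.51.100.23","id.resp_p":8080,"proto":"tcp","_path":"conn"}
{"ts":1590000002.3,"uid":"CjZ3","id.orig_h":"10.0.0.9","id.orig_p":53423,"id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp","query":"c2.example-botnet.invalid","qtype_name":"A","_path":"dns"}
{"ts":1590000003.4,"uid":"CjZ4","id.orig_h":"10.0.0.9","id.orig_p":53424,"id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp","query":"www.example.com","qtype_name":"A","_path":"dns"}
"""


def parse_zeek_json(text):
    """Return one dict per well-formed JSON line; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            # A shipper can forward a line that was truncated mid-write; one bad
            # line must not stop the whole pipeline, so it is dropped here.
            continue
    return records


def domain_hit(name, domains):
    """Return the indicator that `name` equals or is a subdomain of, else None.

    Names are lower-cased and a trailing dot is removed before matching, so
    'Beacon.C2.example-botnet.invalid.' still matches the listed parent domain.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def ip_hit(addr, ips):
    """Return `addr` if it is a valid IP address present in `ips`, else None."""
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        return None  # not an IP at all (e.g. a hostname leaked into the field)
    return addr if addr in ips else None


def _alert(rec, path, kind, indicator):
    # Shape of the alert document; field names here are chosen for the example.
    return {
        "ts": rec.get("ts"),
        "uid": rec.get("uid"),
        "log": path,
        "orig_h": rec.get("id.orig_h"),
        "indicator_type": kind,
        "indicator": indicator,
        "rule": "botnet-indicator-match",
    }


def match_record(rec, indicators=BOTNET_INDICATORS):
    """Check one Zeek record: responder IP on every log, queried name on dns.log."""
    hits = []
    path = rec.get("_path", "")
    resp = rec.get("id.resp_h")
    if resp is not None:
        ind = ip_hit(resp, indicators["ip"])
        if ind:
            hits.append(_alert(rec, path, "ip", ind))
    if path == "dns" and rec.get("query"):
        ind = domain_hit(rec["query"], indicators["domain"])
        if ind:
            hits.append(_alert(rec, path, "domain", ind))
    return hits


def alerts_for(text, indicators=BOTNET_INDICATORS):
    """Parse a block of Zeek JSON lines and return every indicator match."""
    return [a for rec in parse_zeek_json(text) for a in match_record(rec, indicators)]


if __name__ == "__main__":
    for alert in alerts_for(SAMPLE_LOGS):
        print(json.dumps(alert))
```

On the sample input this yields two alerts: the conn.log record whose responder is a listed address, and the dns.log query for a listed domain. In a real deployment the same comparison is usually done by Zeek's Intelligence Framework (which writes matches to intel.log) or on the ELK side once the logs are indexed; the point of the example is the matching logic itself, including the subdomain match and the tolerance for malformed lines.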
Keywords: IDS; Zeek; SIEM
Document type: info:eu-repo/semantics/masterThesis
Issue Date: 29-May-2020
Publication license: http://creativecommons.org/licenses/by-nc-nd/3.0/es/
Appears in Collections: Trabajos finales de carrera, trabajos de investigación, etc. (final degree projects, research papers, etc.)

Files in This Item:
File:        aperezcotTFM0620memoria.pdf
Description: Memoria del TFM (master's thesis report)
Size:        2.48 MB
Format:      Adobe PDF