Feasibility to implement a SIEM based on Open-source applications

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Abstract: As more and more things digitize, the need of logging events and managing these logs increases. To be able to makes sense of these logs, a (Security Information and Event Management) SIEM tool is commonly used both to correlate the events and as a tool to analyze the logs. However, a fully commercial solution in the form of a SIEM can be expensive which might not be an option for smaller companies. This thesis examines the feasibility to develop a lightweight solution based on open-source applications. To be able to develop said solution, research will be done on logging and event correlation to determine the most suitable solutions for this project. The final implementation resulted in a lightweight SIEM with a few rules with a rule-structure to relatively easily add rules. A visual tool to display alarms and logs was also implemented. FortiSIEM, which is a well-known SIEM created by Fortinet will be used as a point of reference to analyze its properties. The implementation is functional, but does not live up to the standard of FortiSIEM. 

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)