Rayabandi, Bhanu Prakash (2024) Integration of Elastic Search and Kibana SIEM for Malware Detection. Masters thesis, Dublin, National College of Ireland.
PDF (Master of Science), 1MB
PDF (Configuration Manual), 2MB
Abstract
Today, with computers being a big part of our lives, attackers create new approaches and tools specifically aimed at these systems. Many papers have been written about different security methods to identify these troublemakers in company computer setups. But nowadays a significant number of these security methods are outdated and not as effective, for these main reasons: they mainly emphasise either network or endpoint security, lacking a structured approach; moreover, they were too simple and vulnerable. To address these shortcomings, an integrated approach that employs a combination of proactive methods and predictive threat mechanisms would result in fast detection and an immediate response using custom rules. This novel method is suitable for small and medium-sized businesses, incorporating the integration of Elastic Search and Kibana with prebuilt detection rules from Elastic. Additionally, I integrated endpoint security and also created Sigma rules for the purpose of detecting malware. Thus, we put together an exhaustive system for malware detection and analysis at both the network and endpoint level. In this paper, we successfully analysed a series of malware attacks using techniques from the MITRE ATT&CK matrix and were able to create custom Sigma rules and alerts using Elastic Search and Kibana. I have integrated the Windows Elastic Agent to collect metrics and logs from the Windows machine, then visualised that data in Kibana and created custom Sigma rules by querying the log files coming from the Elastic Agent to create alerts for the malware.
| Field | Value |
|---|---|
| Item Type: | Thesis (Masters) |
| Supervisors: | Pantridge, Michael |
| Subjects: | Q Science > QA Mathematics > Electronic computers. Computer science; T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science; Q Science > QA Mathematics > Computer software > Computer Security; T Technology > T Technology (General) > Information Technology > Computer software > Computer Security; Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning |
| Divisions: | School of Computing > Master of Science in Cyber Security |
| Depositing User: | Ciara O'Brien |
| Date Deposited: | 22 Apr 2025 13:53 |
| Last Modified: | 22 Apr 2025 13:53 |
| URI: | https://norma.ncirl.ie/id/eprint/7460 |