Security logs analysis (big data) using Arcsight SIEM tool

Abstract

The main purpose of this project is to present a method for making Big Data analysis for Security Logs. This method should take as an input a great amount and variety of Data and analyze them in order to make useful conclusions about who made a malicious action, an information leakage, etc. The best method to achieve that in a big company where there are tons of logs is by using a SIEM. SIEM tool provide the ability to normalize and correlate log data from multiple sources on networks. The usage of a SIEM can also provide auditing controls checks, either the compliance of policies or of legal requirements and reduces the costs of them through the centralization of all events that occur in a big company. Moreover it can assist in early identification of the insider threat by correlating personal background investigations and normal user action information with the individual’s online activities. This Thesis presents the HP Arcsight Technology and Architecture SIEM solution. It’s a SIEM solution that provides a variety of actions in order to perfectly understand and analyze all the logs that come out from enterprise systems, such as OS logs, DB logs, etc. An analytic presentation it’s going to be done from the collection of logs until the final output of Arcsight(correlated events, Dashboars, Active Channels, etc).