Enhancing threat detection capabilities in Windows and CentOS environments through QRadar analysis of system and firewall logs
Keywords
SOC; QRadar; Cybersecurity; Windows; CentOS
Abstract
The purpose of this work is to explore the art of identifying and addressing risks within a Security Operations Center (SOC). To build such a SOC around IBM QRadar, the process began with the installation of VMware on a Windows 10 computer and the deployment of a QRadar Community Edition 7.5.0 virtual machine from an ISO file; QRadar serves as the central monitoring and analysis platform. Subsequently, several further virtual machines were created: a Windows 10 Pro computer, a Kali Linux computer, and a honeypot running CentOS 8. Each machine was configured to generate logs and forward them to QRadar, where a corresponding Log Source was configured for the ingestion and parsing of this data.
Once the infrastructure was ready, nine use cases were defined to simulate various attack scenarios, with the aim of testing and validating QRadar's Rule Correlation Engine. The methodology involved executing attacks against the virtual machines and then monitoring and analyzing the logs they generated within QRadar. Based on the observed patterns and behaviors, custom correlation rules were created and implemented in QRadar to detect and respond to these simulated threats. The effectiveness of these rules was then validated by re-executing the attacks to confirm that QRadar accurately recognized and responded to each scenario. This lab setup and testing process represents the workflow and capabilities of a real SOC, demonstrating how custom rules can improve network protection through the detection of and response to security incidents.
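The abstract describes the loop of the thesis (attack, collect Windows and CentOS logs, write a correlation rule, re-run the attack) without listing the nine use cases. The following is an added illustration, not code from the thesis and not a QRadar rule export: it shows, in plain Python, the kind of logic a QRadar correlation rule encodes when it aggregates authentication failures from both a Windows Security log source and a CentOS sshd log source. The scenario (password brute force followed by a successful logon) is assumed for the example. The log lines are constructed; the Windows lines are a simplified key=value rendering of event 4625/4624 fields rather than the XML that WinCollect actually ships, while the sshd lines follow the real syslog wording. The year for the syslog timestamps, the 5-in-60-seconds threshold and all IP addresses are assumptions of the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs (not captured from the thesis lab).
# Windows: simplified key=value view of Security events 4625 (failed logon)
# and 4624 (successful logon). CentOS: sshd syslog lines as written by sshd.
WINDOWS_LOG = """\
2024-05-01T10:00:01 WIN10 EventID=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:00:02 WIN10 EventID=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:00:03 WIN10 EventID=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:00:04 WIN10 EventID=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:00:05 WIN10 EventID=4625 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:00:09 WIN10 EventID=4624 TargetUserName=admin IpAddress=192.0.2.10
2024-05-01T10:30:00 WIN10 EventID=4625 TargetUserName=bob IpAddress=198.51.100.20
"""
CENTOS_LOG = """\
May  1 10:05:01 centos8 sshd[1201]: Failed password for root from 203.0.113.9 port 51000 ssh2
May  1 10:05:04 centos8 sshd[1202]: Failed password for invalid user admin from 203.0.113.9 port 51001 ssh2
May  1 10:05:07 centos8 sshd[1203]: Failed password for invalid user oracle from 203.0.113.9 port 51002 ssh2
May  1 10:05:10 centos8 sshd[1204]: Failed password for root from 203.0.113.9 port 51003 ssh2
May  1 10:05:13 centos8 sshd[1205]: Failed password for root from 203.0.113.9 port 51004 ssh2
May  1 10:10:00 centos8 sshd[1300]: Failed password for root from 198.51.100.7 port 40000 ssh2
May  1 10:12:00 centos8 sshd[1301]: Failed password for root from 198.51.100.7 port 40001 ssh2
May  1 10:14:00 centos8 sshd[1302]: Failed password for root from 198.51.100.7 port 40002 ssh2
May  1 10:16:00 centos8 sshd[1303]: Failed password for root from 198.51.100.7 port 40003 ssh2
May  1 10:18:00 centos8 sshd[1304]: Failed password for root from 198.51.100.7 port 40004 ssh2
"""

SYSLOG_YEAR = 2024  # assumed: classic syslog timestamps carry no year
WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>4625|4624) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$")
SSH_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def parse_windows(text):
    """Normalise Windows logon events to {ts, host, user, src_ip, outcome}; other IDs are dropped."""
    events = []
    for line in text.splitlines():
        m = WIN_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                           "user": m["user"], "src_ip": m["ip"],
                           "outcome": "fail" if m["eid"] == "4625" else "success"})
    return events


def parse_sshd(text, year=SYSLOG_YEAR):
    """Normalise sshd password outcomes into the same event shape as the Windows parser."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append({"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                           "outcome": "fail" if m["outcome"] == "Failed" else "success"})
    return events


RULE_BRUTE = "auth failures from one source reached threshold inside window"
RULE_SUCCESS_AFTER = "successful logon from a source that just tripped the brute-force rule"


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Stateful correlation over the merged, time-ordered stream from all log sources."""
    failures = defaultdict(deque)  # src_ip -> timestamps of failures still inside the window
    tripped = {}                   # src_ip -> time the brute-force rule last fired
    offenses = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, now = ev["src_ip"], ev["ts"]
        q = failures[ip]
        while q and now - q[0] > window:   # slide the window forward
            q.popleft()
        recently_fired = ip in tripped and now - tripped[ip] <= window
        if ev["outcome"] == "fail":
            q.append(now)
            if len(q) >= threshold and not recently_fired:  # fire once per window, not per event
                tripped[ip] = now
                offenses.append({"rule": RULE_BRUTE, "src_ip": ip, "host": ev["host"],
                                 "ts": now, "count": len(q)})
        elif recently_fired:  # a success right after the burst is the high-severity case
            offenses.append({"rule": RULE_SUCCESS_AFTER, "src_ip": ip, "host": ev["host"],
                             "ts": now, "user": ev["user"]})
    return offenses


def run_demo():
    return correlate(parse_windows(WINDOWS_LOG) + parse_sshd(CENTOS_LOG))


if __name__ == "__main__":
    for o in run_demo():
        print(o["ts"], o["host"], o["src_ip"], "->", o["rule"])
```

Running it yields three offenses: the Windows burst from 192.0.2.10, the successful logon from the same address four seconds later, and the burst against the CentOS honeypot from 203.0.113.9. The slow attacker at 198.51.100.7, who spaces attempts two minutes apart, never accumulates five failures inside the 60-second window and is missed entirely; this is the validation step the abstract describes in practice, since re-running the attack with different timing shows whether the chosen threshold and window still fire and where they need tuning.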