This final-year B.Tech Cyber Security project implements a SIEM solution to help organizations monitor, collect, and analyze logs from multiple systems. It enables real-time threat detection, event analysis, and improved incident response, enhancing overall security visibility and management.
- Centralized Log Management: Collects and stores logs from multiple sources such as servers, endpoints, firewalls, and applications in a single location.
- Real-Time Monitoring: Continuously monitors system activities and network events to identify suspicious behavior as it happens.
- Threat Detection & Correlation: Analyzes logs using correlation rules to detect patterns that indicate potential security threats or attacks.
- Alerting & Notifications: Generates alerts when abnormal or malicious activities are detected, enabling quick response.
- Incident Response Support: Provides detailed insights and timelines to help security teams investigate and respond to incidents effectively.
- Compliance & Reporting: Helps organizations meet regulatory requirements by generating reports for standards such as ISO and PCI-DSS.
- User Activity Monitoring: Tracks user behavior to detect unauthorized access or insider threats.
- Data Visualization & Dashboards: Displays security data through dashboards and graphs for easy analysis and decision-making.
- Log Retention & Forensics: Stores historical data for forensic analysis and future investigations.
- Scalability: Supports growing infrastructure by handling large volumes of data across multiple systems.
- Log Collection Module: Gathers logs from various sources such as endpoints, servers, network devices, and applications.
- Log Normalization Module: Converts different log formats into a standard format for easier analysis and correlation.
- Event Correlation Module: Analyzes logs using predefined rules to identify suspicious patterns and potential threats.
- Alerting Module: Generates alerts and notifications when security incidents or anomalies are detected.
- Data Storage Module: Stores collected logs and events securely for future analysis and compliance purposes.
- Analysis & Monitoring Module: Provides real-time monitoring and analysis of events to detect unusual activities.
- Dashboard & Visualization Module: Displays logs and alerts in graphical formats like charts and dashboards for better understanding.
- Incident Response Module: Supports investigation and response by providing detailed event information and timelines.
- Reporting Module: Generates reports for audits, compliance, and security assessments.
- Agent Management Module: Manages connected agents (such as Windows systems) and ensures proper communication with the SIEM server.
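As an added illustration of the normalization and correlation modules listed above (example code written for this README, not part of the project's own code base), the following Python pipeline parses constructed Windows Security 4625 lines and Ubuntu sshd lines into one common schema and raises a single brute-force alert when one source IP accumulates five authentication failures within two minutes across both hosts. The line formats, field names, sample values and the 5-in-2-minutes threshold are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real captures): Windows Security events from the
# agent VM (4625 = failed logon, 4624 = successful logon) and sshd lines from Ubuntu.
WINDOWS_LOGS = [
    "2024-05-01T10:00:01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.7",
    "2024-05-01T10:00:09 EventID=4625 TargetUserName=admin IpAddress=10.0.0.7",
    "2024-05-01T10:00:15 EventID=4624 TargetUserName=carol IpAddress=10.0.0.9",
    "2024-05-01T10:00:40 EventID=4625 TargetUserName=admin IpAddress=10.0.0.7",
]
LINUX_LOGS = [
    "2024-05-01T10:00:05 sshd[1234]: Failed password for root from 10.0.0.7 port 5000 ssh2",
    "2024-05-01T10:00:22 sshd[1234]: Failed password for invalid user test from 192.168.1.5 port 5001 ssh2",
    "2024-05-01T10:01:02 sshd[1234]: Failed password for root from 10.0.0.7 port 5002 ssh2",
]
# Normalization: one parser per source, both emitting the same field names.
PARSERS = {
    "windows": re.compile(r"^(?P<ts>\S+) EventID=4625 TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"),
    "linux": re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
}

def normalize(line, source):
    """Map a raw line to the common schema; None means the line is not an auth failure."""
    m = PARSERS[source].match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "event": "auth_failure",
            "user": m["user"], "src_ip": m["ip"], "source": source}

def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Rule: >= threshold auth failures from one source IP inside a sliding window -> one alert."""
    recent, fired, alerts = defaultdict(deque), set(), []
    for e in sorted(events, key=lambda ev: ev["ts"]):  # correlation needs one global time order
        q = recent[e["src_ip"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:  # forget failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and e["src_ip"] not in fired:
            fired.add(e["src_ip"])  # alert once per source IP, not once per event
            alerts.append({"rule": "brute_force", "src_ip": e["src_ip"],
                           "count": len(q), "last_seen": e["ts"].isoformat()})
    return alerts

def run_pipeline(windows_logs=WINDOWS_LOGS, linux_logs=LINUX_LOGS):
    """Collection -> normalization -> correlation over both sources together."""
    events = [normalize(l, "windows") for l in windows_logs]
    events += [normalize(l, "linux") for l in linux_logs]
    return correlate([e for e in events if e is not None])
```

Feeding only the Windows lines leaves the rule silent (three failures), which is why the server correlates both sources centrally rather than per host.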
- Install Virtualization Software: Download and install Oracle VM VirtualBox to create and manage virtual machines.
- Download Operating System ISOs:
  - Download the Ubuntu ISO file (for the SIEM server setup).
  - Download the Windows 10 ISO file (for the endpoint / log generation).
- Create Virtual Machines:
  - Create one VM for Ubuntu (SIEM server).
  - Create one VM for Windows 10 (client machine).
  - Allocate sufficient RAM (minimum 4GB recommended) and storage.
- Install Operating Systems:
  - Mount the respective ISO files.
  - Complete the installation process for both Ubuntu and Windows 10.

After setting up the virtual machines:

- Use Ubuntu as the SIEM Server:
  - Responsible for log collection, analysis, and threat detection.
  - Hosts the SIEM platform (e.g., Wazuh / ELK stack).
- Use Windows 10 as the Agent System:
  - Acts as an endpoint machine.
  - Generates logs and security events.
  - Sends collected data to the SIEM server for monitoring.
- Centralized Log Management: Collects and manages logs from multiple systems in one place.
- Real-Time Threat Detection: Identifies security threats and suspicious activities instantly.
- Improved Incident Response: Helps quickly analyze and respond to security incidents.
- Compliance Support: Assists in meeting regulatory requirements through logging and reporting.
- Better Visibility: Provides clear insights into system and user activities across the network.
Anandaraj Alwin Raj
SOC Analyst | Security Researcher
- GitHub: https://github.com/alwin-github
- LinkedIn: https://www.linkedin.com/in/anandarajalwinraj/
- Medium: https://medium.com/@alwinraj