DETAIL DOCUMENT
Analysis of Security Information and Event Management (SIEM) Using Elastic Stack SIEM and Splunk
Institution
Universitas Islam Riau
Author
Alfandi, Muhammad
Subject
QA76 Computer software 
Datestamp
2022-04-25 09:22:22 
Abstract :
Information technology is developing rapidly, and alongside these advances come threats and attacks that can occur at any time. These attacks and threats can damage systems and leak important data from an agency or company. Information security therefore plays an important role in protecting against them. SIEM (Security Information and Event Management) is one of the methods in information security for analyzing the logs generated in a system. In this research, Elastic Stack SIEM and Splunk are used to monitor and analyze the logs of attacks that enter the system. The attacks carried out in this research are fingerprinting, SQL injection, DoS, and port scanning, and the test results show that Elastic Stack SIEM and Splunk are able to detect all attacks that enter the web server in real time. After an attack has been detected, Splunk and Elastic Stack SIEM send an e-mail notification to the administrator about the attack.

File :
183510165.pdf