Browse by Author "Borissov, Mark"
Record: Deploying Open-Source SIEM System for Waldur-based Services at the University of Tartu (University of Tartu, 2024)

Authors: Borissov, Mark; Vaarandi, Risto, supervisor; Livenson, Ilja, supervisor; University of Tartu, Faculty of Science and Technology; University of Tartu, Institute of Computer Science

Abstract: Security Information and Event Management (SIEM) systems are cybersecurity tools that are used by organizations to monitor and analyze log information from different sources, allowing the detection and response to security threats in a timely manner. Waldur is an open-source platform used to manage hybrid cloud resources with multiple services built on top of it and with a large user base. To address the security requirements of the platform in regard to business event data, this thesis work aims to identify and implement a suitable open-source SIEM solution for Waldur that aligns with the operational requirements provided by the University of Tartu HPC team. An overview of Waldur’s architecture, business event logging and SIEM requirements has been conducted. OpenSearch, an open-source data management platform with SIEM functionality, was selected for a proof of concept implementation. A high-level design of the architecture and components of the implementation as well as sample security rules based on Waldur’s logs and requirements were developed. Validation using synthetic and real data was performed in the proof of concept implementation, providing insight into OpenSearch’s SIEM capabilities, with challenges being encountered for complex detection scenarios. This study demonstrates the development of a SIEM architecture for Waldur platform’s business event logging and validates it with a selected SIEM solution, providing insights into the setup, usage, and potential limitations.