Securing Systems using SIEM and FIM Tools

Authors

  • Ms Vaishali Kumar Lecturer, Department Computer Science Engineering and Applications, DY Patil International University, Akurdi, Pune, Maharashtra, India Author
  • Abhishek Yadav Student, Department Computer Science Engineering and Applications, DY Patil International University, Akurdi, Pune, Maharashtra, India Author
  • Shivam Bhorde Student, Department Computer Science Engineering and Applications, DY Patil International University, Akurdi, Pune, Maharashtra, India Author

DOI:

https://doi.org/10.32628/IJSRST24113123

Keywords:

Security Information and Event Management , File Integrity Monitoring, Log data management, Threat detection, Azure Monitoring Agent, Baseline file

Abstract

Today, computer networks are heavily documented security issues, making it impractical to manage them without Security Event Management (SIEM). A SIEM solution sets the controls everywhere, enhances information security, recording data from various devices and applications through agents or networks Protects data by aggregating and aggregating Provides filtering, normalization of redundant information it is proprietary, and they use context to analyze it. The SIEM solution provides threat detection and real-time system activity analysis, alerting operators in the event of an attack. Although there are high-quality SIEM solutions, success cannot be guaranteed. Instead, organizations should focus on a variety of use cases to effectively implement their SIEM solutions. Care must be taken with respect to the integrity of the operating system components. They are controlled to optimize system security. Attackers will always try to manipulate or alter these relevant resources to achieve their goals. System files are common targets for attackers. File integrity monitoring tools are often used to detect any malicious changes to these important files. In this project we developed a comprehensive security solution that combines a Security Information Event Management (SIEM) framework with a File Integrity Monitoring (FIM) tool to optimize the security posture of IT projects. Our SIEM project uses Azure Monitoring Agent to collect data from virtual machine and inject it into the Log Analytics Workspace. The FIM component is implemented by a Python script designed to scan multiple directories and files. The script initially stores the hashes of all monitored files in a baseline file named “baseline.txt” and creates backups of the original files. These backups are periodically updated, with old backups being deleted.

Downloads

Download data is not yet available.

References

R. M. Zul Hilmi Abdullah, Nur Izura Udzir and K. Samsudin, “File integrity monitor scheduling based on file security level classification,” International Conference on Software Engineering and Computer Systems (ICSECS), vol. Part II, no. CCIS 180, pp. 177–189, 2011. DOI: https://doi.org/10.1007/978-3-642-22191-0_16

R. Bj ork, “Feasibility to implement a siem based on open-source applications,” KTH ROYAL INSTITUTE OF TECHNOLOGY, 2022.

I. Anastasov and D. Davcev, “Siem implementation for global and distributed environments,” IEEE, pp.1–6, 2014. [4] K. B. Dragi Zlatkovski, Aleksandra Mileva and I. Ampov, “A new real-time file integrity monitoring system for windows-based environments,” in 331258764. ResearchGate, 2018. DOI: https://doi.org/10.1109/WCCAIS.2014.6916651

M. KEDGLEY, “File integrity monitoring - the last line of defense in the pci data security standard,” in A New Net Technologies Whitepaper.

S. G.-Z. Gustavo Gonz alez-Granadillo and R. Diaz, “Security information and event management (siem):Analysis, trends, and usage in critical infrastructures,” Sensors, vol. 21, no. 14, 2021. DOI: https://doi.org/10.3390/s21144759

S. S. Sekharan and K. Kandasamy, “Profiling siem tools and correlation engines for security analytics,” IEEE, pp. 717–721, 2017. DOI: https://doi.org/10.1109/WiSPNET.2017.8299855

B. Wilbert and L. Chen, “Comparison of file integrity monitoring (fim) techniques for small business networks,” Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT), pp. 1–7, 2014 DOI: https://doi.org/10.1109/ICCCNT.2014.6963090

Downloads

Published

30-05-2024

Issue

Section

Research Articles

How to Cite

Securing Systems using SIEM and FIM Tools. (2024). International Journal of Scientific Research in Science and Technology, 11(3), 613-621. https://doi.org/10.32628/IJSRST24113123

Similar Articles

1-10 of 233

You may also start an advanced similarity search for this article.