Securing Systems using SIEM and FIM Tools
DOI: https://doi.org/10.32628/IJSRST24113123
Keywords: Security Information and Event Management, File Integrity Monitoring, Log data management, Threat detection, Azure Monitoring Agent, Baseline file
Abstract
Today's computer networks generate such a volume of security-relevant events that managing them without Security Information and Event Management (SIEM) is impractical. A SIEM solution places controls throughout the environment and strengthens information security: it records data from many devices and applications through agents or over the network, aggregates and protects that data, filters and normalizes redundant or proprietary formats, and uses context to analyze it. It provides threat detection and real-time analysis of system activity, alerting operators when an attack is detected. Even a high-quality SIEM does not guarantee success; organizations should instead focus on a well-chosen set of use cases to deploy their SIEM effectively. The integrity of operating system components also needs care, since these components are controlled to maximize system security. Attackers will always try to manipulate or alter such resources to achieve their goals, and system files are common targets. File integrity monitoring tools are therefore used to detect malicious changes to these important files. In this project we developed a comprehensive security solution that combines a Security Information and Event Management (SIEM) framework with a File Integrity Monitoring (FIM) tool to improve the security posture of IT projects. The SIEM part uses the Azure Monitoring Agent to collect data from a virtual machine and ingest it into a Log Analytics Workspace. The FIM component is a Python script that scans multiple directories and files: it first stores the hashes of all monitored files in a baseline file named "baseline.txt" and creates backups of the original files; these backups are updated periodically, with old backups deleted.
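The baseline-and-compare core of the FIM component described above, as an added illustration written for this page and not the authors' own script: it hashes every file under the monitored directories into baseline.txt, then classifies later changes as modified, deleted or added. The two-column baseline format, the demo directory layout and the file contents are assumptions; backup rotation is left out.

```python
import hashlib
import tempfile
from pathlib import Path

BASELINE_NAME = "baseline.txt"  # baseline file name given in the abstract

def sha256_of(path: Path) -> str:
    """Stream the file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(dirs) -> dict:
    """Map every regular file under the monitored directories to its hash."""
    hashes = {}
    for d in dirs:
        for p in sorted(Path(d).rglob("*")):
            if p.is_file() and p.name != BASELINE_NAME:  # never hash the baseline itself
                hashes[str(p)] = sha256_of(p)
    return hashes

def write_baseline(hashes: dict, baseline: Path) -> None:
    # Assumed format: "<hex digest>  <path>" per line, sorted for stable diffs
    baseline.write_text("".join(f"{h}  {p}\n" for p, h in sorted(hashes.items())))

def read_baseline(baseline: Path) -> dict:
    hashes = {}
    for line in baseline.read_text().splitlines():
        digest, _, path = line.partition("  ")
        if digest and path:
            hashes[path] = digest
    return hashes

def compare(baseline: dict, current: dict) -> dict:
    """Classify each monitored path as modified, deleted or newly added."""
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo() -> dict:
    """Constructed scenario: baseline two files, then change, delete and add one each."""
    root = Path(tempfile.mkdtemp())
    (root / "etc").mkdir()
    (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
    (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
    write_baseline(scan([root]), root / BASELINE_NAME)
    (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 fileserver\n")  # changed
    (root / "etc" / "passwd").unlink()                                                   # deleted
    (root / "etc" / "motd").write_text("Authorized use only\n")                          # added
    report = compare(read_baseline(root / BASELINE_NAME), scan([root]))
    return {k: [Path(p).name for p in v] for k, v in report.items()}
```

In a deployment the report from compare() would be forwarded to the SIEM as a log event, so a modified system file raises an alert rather than sitting in a local file.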
License
Copyright (c) 2024 International Journal of Scientific Research in Science and Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.