Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/177214
Full metadata record
DC Field: Value (Language)
dc.contributor.author: Loh, Yi Hong (en_US)
dc.date.accessioned: 2024-05-27T01:29:57Z
dc.date.available: 2024-05-27T01:29:57Z
dc.date.issued: 2024
dc.identifier.citation: Loh, Y. H. (2024). Malware detection with open source security information and event management (OSSIM). Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/177214 (en_US)
dc.identifier.uri: https://hdl.handle.net/10356/177214
dc.description.abstract: The digital age has ushered in a golden era of innovation and connectivity. However, this interconnectedness has also created a breeding ground for cyber threats. Malicious actors are constantly developing new attack vectors, exploiting vulnerabilities, and breaching security perimeters. Traditional security solutions often struggle to keep pace with this ever-evolving threat landscape. In addition, modern organizations rely on complex IT infrastructure with many endpoints and applications, so enterprises increasingly need a robust network security analysis system in the face of growing cyber threats. This final year project tackles the critical need for improved threat detection and response by developing and implementing a Security Information and Event Management (SIEM) system built on open-source tools. Wazuh, a comprehensive security monitoring and analysis platform, forms the core of this system. Wazuh consists of three key components: Wazuh-Indexer, Wazuh-Manager, and Wazuh-Dashboard. Working together, they provide a data collection, analysis, and visualization engine. Wazuh-Manager acts as the central hub: it receives security logs and events from Wazuh agents and other sources such as operating systems, network devices, and applications, and analyses them in real time against its rule set to identify potential threats. Wazuh-Indexer stores and indexes the resulting alerts so that they can be searched and correlated. Finally, Wazuh-Dashboard serves as the user interface, offering security personnel a centralized view of security events, alerts, and overall system health. Beyond Wazuh, the project leverages Elasticsearch for efficient log search, TheHive for managing security incidents and cases, and VirusTotal integration for multi-engine threat analysis. Additionally, Cassandra offers potential high-availability storage for specific datasets, while Shuffle facilitates data sharing, automation, and collaboration between these services.
The successful implementation of this project will provide organizations with a cost-effective security information and event management system, enhancing their overall security posture and mitigating cyber threats. (en_US)
dc.language.iso: en (en_US)
dc.publisher: Nanyang Technological University (en_US)
dc.subject: Computer and Information Science (en_US)
dc.title: Malware detection with open source security information and event management (OSSIM) (en_US)
dc.type: Final Year Project (FYP) (en_US)
dc.contributor.supervisor: Cheng Tee Hiang (en_US)
dc.contributor.school: School of Electrical and Electronic Engineering (en_US)
dc.description.degree: Bachelor's degree (en_US)
dc.contributor.supervisoremail: ETHCHENG@ntu.edu.sg (en_US)
dc.subject.keywords: SIEM (en_US)
dc.subject.keywords: Malware (en_US)
item.grantfulltext: restricted
item.fulltext: With Fulltext
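The malware-detection flow the abstract describes (a Wazuh file-integrity alert, a multi-engine hash verdict from VirusTotal, a case opened in TheHive through Shuffle) as an added Python example; this is not code from the report. The alerts.json records and the engine statistics are constructed inline so that it runs offline: the MULTI_ENGINE_RESULTS table stands in for VirusTotal's per-file analysis stats, the min_engines threshold is an assumption rather than the project's setting, and the TheHive alert field names follow its alert model only in broad strokes.

```python
import hashlib
import json
from typing import Iterable

# --- Constructed sample input (not real captures) ----------------------------

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# The EICAR test string is harmless by design; the other two blobs are made up.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
BENIGN_SCRIPT = b"#!/bin/sh\necho hello\n"
UNKNOWN_BLOB = b"\x7fELF" + b"\x00" * 16

def _syscheck_alert(agent: str, path: str, event: str, data: bytes) -> dict:
    # Shape follows Wazuh's syscheck records in alerts.json (rule 554 = file
    # added, 550 = checksum changed); only the fields the pipeline reads are set.
    return {
        "rule": {"id": "554" if event == "added" else "550", "level": 5},
        "agent": {"id": "001", "name": agent},
        "syscheck": {"path": path, "event": event, "sha256_after": sha256_hex(data)},
    }

SAMPLE_ALERT_LINES = [
    json.dumps(_syscheck_alert("web01", "/tmp/eicar.com", "added", EICAR)),
    json.dumps(_syscheck_alert("web01", "/usr/local/bin/hello.sh", "added", BENIGN_SCRIPT)),
    json.dumps(_syscheck_alert("db01", "/opt/app/loader", "modified", UNKNOWN_BLOB)),
    json.dumps({"rule": {"id": "5710", "level": 5}, "agent": {"name": "db01"},
                "data": {"srcip": "203.0.113.7"}}),                  # not a FIM alert
    json.dumps({"rule": {"id": "553"}, "agent": {"name": "web01"},
                "syscheck": {"path": "/tmp/old.bin", "event": "deleted"}}),  # nothing to hash
    "{not valid json",                                                # partial tail line
]

# Constructed stand-in for VirusTotal's last_analysis_stats per file hash.
# The project queries the real API; UNKNOWN_BLOB is deliberately absent here.
MULTI_ENGINE_RESULTS = {
    sha256_hex(EICAR): {"malicious": 61, "suspicious": 0, "undetected": 10},
    sha256_hex(BENIGN_SCRIPT): {"malicious": 0, "suspicious": 0, "undetected": 71},
}

# --- Pipeline ---------------------------------------------------------------

def parse_alert_lines(lines: Iterable[str]) -> list:
    """Parse alerts.json records, skipping lines that are not complete JSON
    (the file is appended record by record, so the tail may be partial)."""
    alerts = []
    for line in lines:
        try:
            alerts.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return alerts

def extract_new_file_hashes(alerts: list) -> list:
    """Keep FIM alerts for added or modified files that carry a SHA-256;
    deletions and non-syscheck alerts have nothing to look up."""
    out = []
    for a in alerts:
        sc = a.get("syscheck") or {}
        h = sc.get("sha256_after")
        if sc.get("event") in ("added", "modified") and h:
            out.append({"agent": a.get("agent", {}).get("name", "?"),
                        "path": sc.get("path", "?"), "sha256": h.lower()})
    return out

def verdict(stats, min_engines: int = 3) -> str:
    """Map engine counts to a verdict. A single engine hit is a common false
    positive, so 'malicious' requires at least min_engines detections (assumed)."""
    if stats is None:
        return "unknown"
    hits = stats.get("malicious", 0)
    if hits >= min_engines:
        return "malicious"
    if hits > 0 or stats.get("suspicious", 0) > 0:
        return "suspicious"
    return "clean"

SEVERITY = {"malicious": 3, "suspicious": 2, "unknown": 1}   # TheHive: 1 low .. 4 critical

def build_thehive_alert(finding: dict, stats, v: str) -> dict:
    # Field names follow TheHive's alert model (type/source/sourceRef/severity);
    # the observable list is simplified. sourceRef keeps one alert per hash+agent.
    return {
        "type": "malware",
        "source": "wazuh",
        "sourceRef": f"{finding['agent']}:{finding['sha256'][:16]}",
        "title": f"{v} file on {finding['agent']}: {finding['path']}",
        "severity": SEVERITY[v],
        "description": f"multi-engine stats: {stats}",
        "observables": [
            {"dataType": "hash", "data": finding["sha256"]},
            {"dataType": "filename", "data": finding["path"]},
        ],
    }

def run_pipeline(lines: Iterable[str], engine_results: dict, min_engines: int = 3):
    """Return (TheHive alerts to open, paths judged clean) for a batch of alert lines."""
    to_open, clean, seen = [], [], set()
    for f in extract_new_file_hashes(parse_alert_lines(lines)):
        if f["sha256"] in seen:          # same file on many agents: one case, not many
            continue
        seen.add(f["sha256"])
        stats = engine_results.get(f["sha256"])
        v = verdict(stats, min_engines)
        if v == "clean":
            clean.append(f["path"])
        else:
            to_open.append(build_thehive_alert(f, stats, v))
    return to_open, clean

if __name__ == "__main__":
    opened, clean = run_pipeline(SAMPLE_ALERT_LINES, MULTI_ENGINE_RESULTS)
    print(json.dumps(opened, indent=2))
    print("clean:", clean)
```

Two design points worth keeping when wiring this into Shuffle: a hash that VirusTotal has never seen still opens a low-severity case (a fresh, unknown binary replacing /opt/app/loader is exactly what a triage analyst should look at, and the sample can then be submitted), and the verdict threshold is a knob, not a constant; on a real estate it is the main lever between missed detections and analyst fatigue.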
Appears in Collections:EEE Student Reports (FYP/IA/PA/PI)
Files in This Item:
FYP Final Report.pdf (Restricted Access), 3.57 MB, Adobe PDF

Page view(s): 219 (updated on Apr 25, 2025)
Download(s): 29 (updated on Apr 25, 2025)
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.