Singapore Institute of Technology

The Feasibility of OpenSearch’s Security Analytics with Wazuh

conference contribution
posted on 2024-09-28, 15:32 authored by Cheryl Ching Tay, Darshan Kumar S/O Ramesh, Rachel Ying Xuan Poh, Randy Yi Ping Cheang, Villarico Gabriel Babiera, Huaqun Guo, Liming Lu

Among rapidly advancing cyber threats, ransomware stands out as a particularly destructive one: it exploits vulnerabilities to encrypt or destroy data and significantly disrupt operations. This project explores the feasibility of using OpenSearch's Security Analytics in conjunction with Wazuh to detect cyberattacks through analysis of log data. Three integration methods were tested: server integration (feeding the Wazuh manager's alerts to OpenSearch), indexer integration (running Security Analytics against the Wazuh indexer's alert indices), and direct plugin integration. Each was evaluated for its ability to correlate alerts and identify potential ransomware activity in simulated settings. The findings provide practical guidance on the configurations and practices that let OpenSearch's Security Analytics extend Wazuh's detection capability.
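The abstract describes correlating Wazuh alerts to surface ransomware activity. The following is an added example, not code from the paper or from either project: it reduces that correlation to a few lines of Python run over constructed Wazuh-style alert JSON (the field layout mirrors the wazuh-alerts index). The rule IDs assume Wazuh's default syscheck rules (550 checksum changed, 553 file deleted, 554 file added), and the window, event threshold and extension watchlist are assumptions to tune per environment. In production the same logic would be expressed as a Sigma detector and a correlation rule in Security Analytics rather than in a script.

```python
"""Correlate Wazuh FIM (syscheck) alerts into a ransomware-like burst finding.

Added example, not the paper's code. Alerts below are constructed; rule IDs
and thresholds are assumptions documented inline.
"""
import json
from collections import defaultdict
from datetime import timedelta, datetime

# Constructed newline-delimited alerts in the shape Wazuh writes to
# alerts.json / the wazuh-alerts index. Agent ws-01 shows the pattern
# ransomware leaves behind (originals deleted, renamed copies appear with a
# ransom extension); ws-02 shows ordinary noise plus one non-FIM alert.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    {"timestamp": "2024-08-01T10:00:01.000+0000", "agent": {"name": "ws-01"},
     "rule": {"id": "554", "groups": ["syscheck"]},
     "syscheck": {"path": "/home/alice/report.docx.locked", "event": "added"}},
    {"timestamp": "2024-08-01T10:00:03.000+0000", "agent": {"name": "ws-01"},
     "rule": {"id": "553", "groups": ["syscheck"]},
     "syscheck": {"path": "/home/alice/report.docx", "event": "deleted"}},
    {"timestamp": "2024-08-01T10:00:05.000+0000", "agent": {"name": "ws-01"},
     "rule": {"id": "554", "groups": ["syscheck"]},
     "syscheck": {"path": "/home/alice/photo.jpg.locked", "event": "added"}},
    {"timestamp": "2024-08-01T10:00:10.000+0000", "agent": {"name": "ws-02"},
     "rule": {"id": "550", "groups": ["syscheck"]},
     "syscheck": {"path": "/etc/hosts", "event": "modified"}},
    {"timestamp": "2024-08-01T10:00:12.000+0000", "agent": {"name": "ws-02"},
     "rule": {"id": "5501", "groups": ["pam", "authentication_success"]}},
])

# Assumed Wazuh default syscheck rule IDs (check your ruleset if customised).
FIM_RULE_IDS = {"550", "553", "554"}
# Assumed tuning knobs.
WINDOW = timedelta(seconds=60)          # correlation window per agent
MIN_EVENTS = 3                          # FIM events needed inside the window
RANSOM_EXTENSIONS = (".locked", ".encrypted", ".crypt")  # watchlist


def parse_fim_alerts(ndjson):
    """Return (agent, timestamp, path, rule_id) for each FIM alert; skip others."""
    events = []
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        if alert.get("rule", {}).get("id") not in FIM_RULE_IDS:
            continue  # not a file-integrity alert
        ts = datetime.strptime(alert["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        events.append((alert["agent"]["name"], ts,
                       alert["syscheck"]["path"], alert["rule"]["id"]))
    return events


def correlate(ndjson, window=WINDOW, min_events=MIN_EVENTS):
    """Sliding-window correlation: flag an agent whose FIM alerts inside
    `window` number at least `min_events` and include a watchlisted extension."""
    per_agent = defaultdict(list)
    for agent, ts, path, rule_id in parse_fim_alerts(ndjson):
        per_agent[agent].append((ts, path, rule_id))

    findings = []
    for agent, evs in per_agent.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the window start so evs[start:end+1] spans <= window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            suspicious = [p for _, p, _ in burst
                          if p.lower().endswith(RANSOM_EXTENSIONS)]
            if len(burst) >= min_events and suspicious:
                findings.append({
                    "agent": agent,
                    "events": len(burst),
                    "suspicious_paths": suspicious,
                    "window_start": burst[0][0].isoformat(),
                    "window_end": burst[-1][0].isoformat(),
                })
                break  # one finding per agent is enough to raise
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_ALERTS):
        print(json.dumps(f, indent=2))
```

The non-FIM authentication alert on ws-02 is filtered out by rule ID before correlation, and ws-02's lone checksum change never reaches the threshold, so only ws-01 is reported. Raising `MIN_EVENTS` or shrinking `WINDOW` trades missed slow encryptors against false positives from bulk file operations such as backups; the extension watchlist catches only families that rename, so a volume-based threshold without it is the usual complement.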

Funding

This research project is supported by an ignition grant with Grant No. R-IE2-A405-0002, Singapore Institute of Technology and Ministry of Education, Singapore.

History

Journal/Conference/Book title

The 10th IRC Conference on Science, Engineering and Technology (IRC-SET 2024)

Publication date

2024-08-17

Version

  • Post-print

Corresponding author

Huaqun Guo, huaqun.guo@singaporetech.edu.sg

Project ID

  • 11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks
