Version 2 2024-09-28, 15:32
Version 1 2024-09-28, 13:36
conference contribution
posted on 2024-09-28, 15:32, authored by Cheryl Ching Tay, Darshan Kumar S/O Ramesh, Rachel Ying Xuan Poh, Randy Yi Ping Cheang, Villarico Gabriel Babiera, Huaqun Guo, Liming Lu
In the context of rapidly advancing cyber threats, ransomware stands out as a particularly destructive challenge that exploits vulnerabilities to significantly disrupt operations. This project explores the feasibility of using OpenSearch’s Security Analytics in conjunction with Wazuh to detect cyberattacks through log data analysis. Various integration methods, including server integration, indexer integration, and direct plugin integration, were tested for their ability to effectively correlate alerts and identify potential ransomware threats in simulated settings. The findings provide essential insights into optimal practices and configurations for using OpenSearch’s Security Analytics to enhance Wazuh’s functionality.
Funding
This research project is supported by an ignition grant with Grant No. R-IE2-A405-0002, Singapore Institute of Technology and Ministry of Education, Singapore.
History
Journal/Conference/Book title
The 10th IRC Conference on Science, Engineering and Technology (IRC-SET 2024)
Publication date
2024-08-17
Version
Post-print
Corresponding author
Huaqun Guo, huaqun.guo@singaporetech.edu.sg
Project ID
11679 (R-IE2-A405-0002) Investigating Security Situation Awareness against Ransomware Attacks