ABSTRACT
Title: Automated Threat Hunting Using ELK Stack – A Case Study
Authors: MOZA AL SHIBANI, E ANUPRIYA
Keywords: -
Issue Date: Oct-Nov 2019
Abstract:
Modern threats are highly sophisticated and bypass legitimate security tools. Static threat hunting methods are futile. The alternative threat hunting method is to dynamically analyze their entry into, and behavior in, the network. The two popular methods of analyzing threats are to use intelligent hunting software or to monitor endpoint activity. Endpoint activity can be obtained from the system log using Sysmon. The event logs are filtered to eliminate normal day-to-day activity, and the suspicious activity is forwarded to a server running the ELK stack. The server analyzes process creation, parent processes and their behavior. A filter is applied on the server side to analyze and hunt the threats. As a case study, the following threats were injected on the victim client machine by a threat actor from another client: 1. malicious code to remotely access files on a shared drive and delete them; 2. remote registry access to create or delete files on the victim's registry; 3. malware code to escalate rights and delete files. The system identified all the threats successfully and segmented them with an alert message. The complete system was implemented in a virtual environment on Windows, using Oracle VM VirtualBox to create the virtual environment.
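The abstract describes the pipeline only in outline: Sysmon process-creation events are filtered for day-to-day noise on the endpoint, the remainder is shipped to ELK, and server-side filters on the image, parent image, command line and integrity level raise categorized alerts for the three injected threats. The script below is an added example, not code from the paper or its authors, that runs that logic over a handful of constructed Sysmon Event ID 1 records (the field names are Sysmon's; the events, the benign-pair allowlist and the three hunting rules are assumptions made for illustration, not the paper's actual filters).

```python
"""Toy Sysmon -> filter -> hunt pipeline (added example, not the paper's code).

Records use the field names of Sysmon Event ID 1 (process creation) as a
Winlogbeat/Logstash shipper would deliver them to Elasticsearch. All sample
events, the allowlist and the rules are constructed for this illustration.
"""
import re

# Constructed sample of Sysmon Event ID 1 records from one victim client.
SAMPLE_EVENTS = [
    {"UtcTime": "2019-10-01 09:00:01.000", "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe", "CommandLine": "explorer.exe",
     "IntegrityLevel": "Medium", "User": r"LAB\alice"},
    {"UtcTime": "2019-10-01 09:05:10.000",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": '"WINWORD.EXE" report.docx',
     "IntegrityLevel": "Medium", "User": r"LAB\alice"},
    {"UtcTime": "2019-10-01 09:12:42.000", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": r"cmd.exe /c del /q \\FILESRV\shared\reports\*.xlsx",
     "IntegrityLevel": "System", "User": r"NT AUTHORITY\SYSTEM"},
    {"UtcTime": "2019-10-01 09:13:05.000", "Image": r"C:\Windows\System32\reg.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"reg.exe add \\VICTIM-PC\HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v upd /d C:\Users\Public\u.exe",
     "IntegrityLevel": "High", "User": r"LAB\bob"},
    {"UtcTime": "2019-10-01 09:14:30.000", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\Public\u.exe",
     "CommandLine": r"cmd.exe /c del /f C:\Users\alice\Documents\*.docx",
     "IntegrityLevel": "High", "User": r"LAB\alice"},
]

# Hypothetical endpoint-side allowlist of (parent, child) pairs that are
# normal day-to-day activity and are dropped before forwarding to ELK.
BENIGN_PAIRS = {
    ("userinit.exe", "explorer.exe"),
    ("explorer.exe", "winword.exe"),
    ("explorer.exe", "excel.exe"),
    ("explorer.exe", "chrome.exe"),
}

UNC_HOST = r"\\\\[A-Za-z0-9_.$-]+\\"          # \\HOST\ prefix of a UNC path
DELETE_VERB = re.compile(r"\b(del|erase|rd|rmdir)\b", re.IGNORECASE)
UNC_PATH = re.compile(UNC_HOST)
REMOTE_HIVE = re.compile(UNC_HOST + r"HK(LM|CU|U|CR|CC)\b", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(Users|Temp|ProgramData|AppData)\\", re.IGNORECASE)


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def is_noise(ev):
    """Endpoint-side filter: drop allowlisted Medium-integrity parent/child
    pairs whose command line touches no network share."""
    pair = (basename(ev["ParentImage"]).lower(), basename(ev["Image"]).lower())
    return (pair in BENIGN_PAIRS and ev.get("IntegrityLevel") == "Medium"
            and not UNC_PATH.search(ev.get("CommandLine", "")))


def alert(ev, rule, why):
    """Build one categorized alert record for an event."""
    return {"rule": rule, "UtcTime": ev["UtcTime"], "User": ev["User"],
            "Image": ev["Image"],
            "message": f"ALERT [{rule}] {ev['UtcTime']} {ev['User']} "
                       f"{basename(ev['Image'])}: {why}"}


def hunt(ev):
    """Server-side hunting rules (assumed heuristics, one per threat class)."""
    alerts = []
    img = basename(ev["Image"]).lower()
    cmd = ev.get("CommandLine", "")
    # 1. Shell deleting files on a remote share (UNC path in a delete command).
    if img in {"cmd.exe", "powershell.exe"} and DELETE_VERB.search(cmd) and UNC_PATH.search(cmd):
        alerts.append(alert(ev, "remote_share_delete", "file deletion against a network share"))
    # 2. reg.exe addressing another machine's registry hive (\\HOST\HKLM...).
    if img == "reg.exe" and REMOTE_HIVE.search(cmd):
        alerts.append(alert(ev, "remote_registry_write", "reg.exe operating on a remote registry hive"))
    # 3. Elevated child of a binary in a user-writable path that deletes files.
    if (ev.get("IntegrityLevel") in {"High", "System"}
            and USER_WRITABLE.search(ev["ParentImage"]) and DELETE_VERB.search(cmd)):
        alerts.append(alert(ev, "elevated_delete",
                            "elevated process spawned from a user-writable path is deleting files"))
    return alerts


def forward(events):
    """Events that survive the endpoint filter and would be shipped to ELK."""
    return [ev for ev in events if not is_noise(ev)]


def run_pipeline(events):
    """Filter on the endpoint, then hunt on the server; return all alerts."""
    alerts = []
    for ev in forward(events):
        alerts.extend(hunt(ev))
    return alerts


if __name__ == "__main__":
    for a in run_pipeline(SAMPLE_EVENTS):
        print(a["message"])
```

On the constructed sample the endpoint filter drops the two explorer-related events and the three remaining events each trip exactly one rule. In a real deployment the same three checks would be expressed as Kibana/Elasticsearch queries or Logstash conditionals over the `event_data` fields rather than Python regexes, and the allowlist would be built from a baseline of the environment's own Sysmon data.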
Page(s): 118-127
ISSN: 0976-5166
Source: Vol. 10, No. 5
DOI: 10.21817/indjcse/2019/v10i5/191005008