SIEM and Threat Intelligence: Protecting Applications with Wazuh and TheHive

The consequences of cyberattacks on enterprises are highly varied. DDoS assaults can render an organization's website inaccessible; SQL attacks can compromise the integrity of data in a database, and Brute Force attacks can lead to unauthorized users gaining control over a server or application...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of advanced computer science & applications 2024-01, Vol.15 (9)
Hauptverfasser: -, Jumiaty, Soewito, Benfano
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The consequences of cyberattacks on enterprises are highly varied. DDoS assaults can render an organization's website inaccessible; SQL attacks can compromise the integrity of data in a database, and Brute Force attacks can lead to unauthorized users gaining control over a server or application. Hence, it is crucial for enterprises to be aware of these potential dangers and employ solutions capable of monitoring networks, apps, and servers. In this study, the author employs Wazuh, TheHive, Telegram, and CVSS. Wazuh functions as a tool for monitoring applications and identifying potential security risks. TheHive classifies threats according to their level of importance. Telegram is utilized for dispatching notifications to the administrator. The findings indicate that Wazuh can promptly identify security risks by verifying that the date and time configurations on each utilized server align with the Indonesian time standard. Several vulnerabilities in the applications were successfully detected. The Wazuh server monitors two specific apps, namely Kompetensi and ESPPD. Surveillance commenced on March 20, 2024, at 17:49 and concluded on June 20, 2024, at 01:10, effectively amassing a total of 16,580 logs. 11 essential alert categories require follow-up due to their potential to compromise the system's integrity, confidentiality, and availability. To validate the detection results, the Common Vulnerability Scoring System (CVSS) is used. The assessment of vulnerability levels varies depending on the Wazuh level and CVSS. This arises because CVSS assigns scores based on five exploitability characteristics and incorporates the expertise of specialists to determine the assessment category and evaluate the potential impact of a successful threat. The outcome of this assessment, involving professional expertise, is heavily influenced by the unique attributes of each company. As a result, even when evaluating the same threats, the assessment can yield varying results. Evaluations utilizing Wazuh and CVSS are highly efficient in determining the extent of discovered hazards. By integrating these two technologies, the produced findings become more accurate.
ISSN:2158-107X
2156-5570
DOI:10.14569/IJACSA.2024.0150923