Addressing the challenges in aggregation and correlation of security event data from custom enterprise applications
Abstract
In Kenya, most organizations are acquiring custom enterprise systems that help improve the efficiency of their business processes. These systems save their security logs in customized, non-standard formats that cannot be extracted for upload to a SIEM.
This study aims to provide a solution that helps IT security specialists extract security event information from custom enterprise systems and automatically upload it to a SIEM.
This study outlines the development of a prototype application that extracts security event information from the custom enterprise system, aggregates it, applies some correlation rules, and then transmits the data to a SIEM. This ensures that IT security specialists have all the security information from the custom enterprise systems, which enables the Security Operations Center to monitor and analyze activities.
Publisher
University of Nairobi
Rights
Attribution-NonCommercial-NoDerivs 3.0 United States
Usage Rights
http://creativecommons.org/licenses/by-nc-nd/3.0/us/