Cyber Project
Cyber security
Semester project
Class BSIT-7A
Submitted by: Muhammad Usama
Submitted to: Sir Zunnurain Hussain
Contents
Introduction
Organization needs and Functionalities of SIEM Solution
SIEM Solution
Introduction to event log analyzer SIEM
Features of Event Log Analyzer SIEM
Log data aggregation
Data correlation and alerting
Log analysis and dashboard
Compliance report
User monitoring
Collects and processes events and flows
Collection of vulnerability Data
Logical Components and data flow in event log analyzer
Architecture and data flow diagram of event log analyzer
Offenses in Event log analyzer
Types of offenses
SIEM Dashboard
Customize the dashboard
Default and custom Dashboards
Event Log Analyzer Tabs
Conclusion
References
Introduction:
The organization is facing serious malware attacks. To deal with this malware we need a SIEM
solution that helps us detect malware activity. SIEM software works by collecting the log and event
data generated by an organization's applications, security devices and host systems and bringing it
together into a single centralized platform. ... In this way it detects threats and creates security alerts.
SIEM Solution
We need a SIEM solution that fulfills the needs mentioned above. Every SIEM solution has its pros and
cons, but given the present condition of the company, Event Log Analyzer is the best fit.
Compliance report
Compliance is at the core of SIEM, and with Event Log Analyzer organizations can meet regulatory compliance
requirements by monitoring and analyzing log data from all network devices and applications. Event Log
Analyzer allows you to generate pre-defined (canned) compliance reports such as PCI
DSS, FISMA, GLBA, SOX, HIPAA, etc.
User monitoring
Event Log Analyzer provides exhaustive reports for user monitoring. This enables tracking the suspicious
behavior of users, including privileged administrative users.
You get precise information about user access, such as which user performed the action, what the result of the
action was, on which server it happened, and which user workstation the action was triggered from.
When you start Event Log Analyzer, you will see the display shown in the figure.
Collection of vulnerability Data
On the Dashboard page, click on Settings; on the page that appears, click on "Applications". The page
below appears.
There are many options available at the top, as shown in the image below.
Click on "Vulnerability Scanner".
Logical Components and data flow in event log analyzer
Event Log Analyzer is a log management and IT compliance solution for your enterprise. It's web-based, and it
employs both agentless and agent-based mechanisms to collect logs from log sources across your network
while also providing you with in-depth reports, alerts, and security analyses.
Parsing engine: Filters logs which aren't needed—as configured by the administrator—and normalizes raw
logs into a standard format.
Central database: Stores raw and normalized logs from all devices and applications across your network as
well as report data and global threat data. The default database that comes installed with the product is
PostgreSQL. Alternatively, users have the option of migrating to Microsoft SQL Server or MySQL databases.
Report builder: Processes the raw and normalized logs to build over a thousand predefined reports—
including compliance reports—and custom reports as well. EventLog Analyzer generates and sends out
scheduled reports, and it exports reports when needed.
Alerts and incident management: Sends out email and SMS notifications based on configured alert profiles;
assigns incidents to designated technicians, and stores the statuses and related information for every incident.
Automated workflows: Automates incident response through predefined workflows that are set off when
alerts are triggered.
Log search engine: Searches through millions of logs in seconds. The search engine is based on Elasticsearch.
File integrity monitoring: Uses file server logs to monitor all activity occurring in critical files and folders
and generates detailed file integrity reports.
Correlation engine: Correlates logs from heterogeneous sources to identify potential attacks, and generates
in-depth aggregated incident reports and security alerts.
Threat intelligence: Regularly retrieves and stores threat data from popular STIX/TAXII-based threat feeds as
well as other open source feeds. The module compares this data with network events and then generates threat
alerts when malicious entities are discovered interacting with your network.
Architecture and data flow diagram of event log analyzer
Offenses in Event log analyzer
When the events and flows meet the test criteria defined in the rules, an offense is created to show
that a security attack or policy breach is suspected. But knowing that an offense occurred is only the
first step; identifying how it happened, where it happened, and who did it requires some investigation.
The Alerts tab lists details of all alerts triggered (if you have not set up any alert profiles, the tab directs you to
do so). You can view the timestamp of the alert, the device which triggered it, the severity, the status of the
alert, and the message.
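To make the data flow described above concrete (parsing engine normalizes raw logs, the correlation engine and threat-intelligence module test them against rules, and an offense/alert is raised when the criteria are met), here is a small Python model written for this report; it is not EventLog Analyzer code. The log lines, the threat-feed entry, the "keep only sshd" filter and the brute-force rule (three failed logins followed by a success from the same source within one minute) are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample log lines (not real data), syslog-style auth events.
RAW_LOGS = [
    "2024-03-01T10:00:01 srv1 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:02 srv1 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:03 srv1 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:04 srv1 sshd: Accepted password for admin from 203.0.113.5",
    "2024-03-01T10:00:05 srv1 cron: session opened for user root",
    "2024-03-01T10:05:00 srv2 sshd: Accepted password for bob from 198.51.100.9",
]
# Constructed indicator set standing in for a STIX/TAXII threat feed.
THREAT_FEED = {"198.51.100.9"}
LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<app>\w+): (?P<msg>.*)$")
AUTH = re.compile(r"^(?P<res>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$")

def parse(line):
    """Parsing engine: drop lines the admin filtered out, normalize the rest."""
    m = LINE.match(line)
    if not m or m["app"] != "sshd":        # filter rule (assumed): keep sshd only
        return None
    a = AUTH.match(m["msg"])
    if not a:                              # unrecognized sshd message, skip it
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "user": a["user"], "src": a["src"],
            "outcome": "success" if a["res"] == "Accepted" else "failure"}

def correlate(events, threshold=3, window=timedelta(minutes=1)):
    """Correlation + threat intel: create an offense when rule criteria are met."""
    offenses = []
    failures = defaultdict(deque)          # (src, user) -> recent failure times
    for ev in events:
        if ev["src"] in THREAT_FEED:       # threat-intelligence match rule
            offenses.append(("threat-intel-match", ev["host"], ev["user"], ev["src"]))
        q = failures[(ev["src"], ev["user"])]
        while q and ev["ts"] - q[0] > window:   # expire failures outside the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
        elif len(q) >= threshold:          # N failures then a success: brute-force rule
            offenses.append(("brute-force-then-success", ev["host"], ev["user"], ev["src"]))
            q.clear()                      # avoid raising the same offense twice
    return offenses

def run(lines=RAW_LOGS):
    """Full pipeline: raw lines -> normalized events -> offenses."""
    events = [e for e in map(parse, lines) if e]
    return events, correlate(events)
```

Running `run()` on the constructed input yields one brute-force offense for admin on srv1 and one threat-intel offense for bob on srv2; the cron line is dropped by the parsing filter.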
Types of offenses
Offenses are generally graded into four categories:
Felonies
Misdemeanors
Felony-misdemeanors
Infractions.
SIEM Dashboard
A Security Information and Event Management (SIEM) dashboard is a user interface that is used to
monitor the security of an organization's networks and systems. It displays real-time data about security
events, such as system logs, network traffic, and security alerts, in a visual format. This dashboard
typically includes charts, graphs, and other visualizations to provide an overview of the organization's
security posture, as well as detailed information about specific security events. It may also include tools
for analyzing and responding to security incidents. The objective of the SIEM dashboard is to help
organizations detect and respond to security threats quickly and effectively.
Customize the dashboard
To customize the dashboard in Event Log Analyzer, you can follow these steps:
Note that the specific options available for customizing the dashboard may vary depending on the
version of Event Log Analyzer that you are using. Consult the Event Log Analyzer documentation for
more information.
Default and custom Dashboards
A custom dashboard is one that has been customized by an administrator to meet the specific needs of
the organization. It may include different widgets than the default dashboard, or the same widgets may
be configured to display different data or to behave differently. Custom dashboards can be created from
scratch or based on an existing default dashboard.
The main difference between default and custom dashboards is that default dashboards are intended to
provide a general overview of the organization's security posture, while custom dashboards can be
tailored to focus on specific aspects of the organization's security or to meet the needs of specific users
or groups. Custom dashboards can provide a more targeted and relevant view of security data, making it
easier for administrators to identify and respond to security threats.
Event Log Analyzer Tabs
Dashboard: This tab displays a customizable dashboard with real-time data about security
events, such as charts, graphs, and other visualizations. The dashboard provides a high-level
view of the organization's security posture and allows administrators to quickly identify
potential threats.
Events: This tab displays a list of security events that have been collected by the SIEM system.
Administrators can use the search and filter functions to locate specific events, and can view
detailed information about each event by clicking on it.
Reports: This tab allows administrators to generate reports about security events based on
specific criteria, such as type of event, time period, and data source. Reports can be saved and
scheduled to run at regular intervals.
Alerts: This tab displays a list of security alerts that have been generated by the SIEM system
based on predefined conditions. Administrators can view detailed information about each alert
and take appropriate action to mitigate the threat.
Configuration: This tab allows administrators to configure various aspects of the SIEM system,
such as data sources, alert rules, and user roles.
Note that the specific tabs available in Event Log Analyzer may vary depending on the version of the
software and the specific features and modules that have been purchased. Consult the Event Log
Analyzer documentation for more information.
Conclusion
Event Log Analyzer is a security information and event management (SIEM) tool that allows
organizations to monitor and analyze security events from various sources, such as system logs, network
traffic, and security alerts. It provides a graphical user interface (GUI) with several tabs that allow
administrators to access different features and functions of the software, such as a customizable
dashboard, event search and filtering, report generation, and alert management. Event Log Analyzer can
help organizations detect and respond to security threats in a timely and effective manner, and can
provide valuable insights into the security posture of the organization. Overall, Event Log Analyzer is a
powerful and feature-rich SIEM tool that can be an important part of an organization's security strategy.