Professional Documents
Culture Documents
Implementation of Security Information Event Manag
Implementation of Security Information Event Manag
2
Volume 4 Number 1 Januari-Juni 2024 PP 1-7 INTELMATICS ISSN 2775-8850 (Online)
B. Testing
In the testing phase, the researcher will employ THC Hydra
for conducting experiments involving both normal user and
threat actor scenarios. For the normal user, a custom Bash script
will be introduced to enable automatic and continuous
authentication processes. In contrast, for the threat actor, THC
Hydra will be utilized exclusively for conducting attacks with
Fig. 5. Event on Wazuh Dashboard after failed login test customizations made to the interval settings in accordance with
the testing scenarios.
4
Volume 4 Number 1 Januari-Juni 2024 PP 1-7 INTELMATICS ISSN 2775-8850 (Online)
were combined, resulting in the following outcomes. 𝐴𝑐𝑡𝑖𝑣𝑒 𝑅𝑒𝑠𝑝𝑜𝑛𝑠𝑒 𝑅𝑒𝑎𝑐𝑡𝑖𝑜𝑛 𝑇𝑖𝑚𝑒
= (𝑡𝑖𝑚𝑒 𝑡𝑜 𝑟𝑒𝑠𝑝𝑜𝑛𝑠𝑒) − (𝑡𝑖𝑚𝑒 𝑡𝑜 𝑑𝑒𝑡𝑒𝑐𝑡)
Table 9 Wazuh detection summary
ALL 3 SCENARIO Using this formula, the researcher calculated the reaction
time from the grouped data based on scenarios and consolidated
TTD 1s TTD 10s TTD 30s the results into the following table.
28,33 (HTTP &
MIN 146,00 (SSH) 403,67 (IMAP)
HTTPS) Subsequently, data regarding the minimum time, average
AVERAGE 80,51 173,18 434,58 time, median time, and maximum time needed for Active
Response to initiate actions upon detecting brute force attack
MEDIAN 36,17 154,67 434,83 indications by SIEM Wazuh was gathered and is presented in
the following table.
MAX 258,67 (IMAP) 265,00 (IMAP) 466,33 (IMAP)
6
Volume 4 Number 1 Januari-Juni 2024 PP 1-7 INTELMATICS ISSN 2775-8850 (Online)
second intervals, and 434.58 seconds for 30-second intervals. (email: mardianto@trisakti.ac.id)
The Active Response functionality within SIEM Wazuh Adrian Sjamsul Qamar, completed bachelor at University of
emerges as a robust tool in thwarting identified brute force Indonesia, master’s at the University of Indonesia.
attacks across multiple protocols. With impeccable accuracy, it (email: adrian.qamar@trisakti.ac.id)
swiftly blocks attackers' IP addresses, with an average initiation
time of merely 0.51 seconds.
Moreover, SIEM Wazuh, coupled with the Active Response
feature, effectively discerns between normal user activities and
those of threat actors, achieving this feat without generating any
false positives during the experimental trials.
The Telegram notification mechanism operates seamlessly,
delivering timely updates regarding failed login attempts and
the activation of Active Response in response to detected brute
force attacks directly to the Telegram application. This ensures
swift and reliable communication of critical security events to
relevant stakeholders.
REFERENCES
[1] Bourgeois, David T.; Smith, James L.; Wang, Shouhong; and Mortati,
Joseph, "Information Systems for Business and Beyond" (2019). Open
Textbooks. 1.
[2] McAfee, A. & Brynjolfsson, “Investing in the IT that Makes a
Competitive Difference”. Harvard Business Review. 86. 98-107 (2008).
[3] ESET Threat Report H1 2023, ESET Research,2023,
https://www.welivesecurity.com/2023/07/11/eset-threat-report-h1-2023/.
Accessed July, 12 2023.
[4] Goodgion, Jonathon S., "Active Response Using Host-Based Intrusion
Detection System and Software-Defined Networking" (2017). Theses and
Dissertations. 1575.
[5] Radhitya, Dimas. “Analisis implementasi Security Information and Event
Management (SIEM) dengan berbasis wazuh pada sistem operasi
Windows dan Linux” (2022). Fakultas Teknik Universitas Indonesia.
[6] Nova, F., Pratama, M. D., & Prayama, D. (2022). Wazuh sebagai Log
Event Management dan Deteksi Celah Keamanan pada Server dari
Serangan Dos. JITSI: Jurnal Ilmiah Teknologi Sistem Informasi, 3(1), 1-
7.
[7] Pfau, Robert. The Security Lifecycle, SANS Institute, USA, 2003.
[8] N. Carr, “IT Doesn’t Matter,” Harvard Business Review, May 2003.
[Online]. Available: https://hbr.org/2003/05/it-doesnt-matter. [Accessed:
October 13, 2022].
[9] Center for Strategic & International Studies (CSIS), “Significant Cyber
Incidents Since 2006,” Center for Strategic & International Studies
(CSIS), 2019.
[10] Check Point Software Technologies Ltd, “CYBER ATTACK TRENDS
Check Point’s 2022 Mid-Year Report,” Check Point Software
Technologies Ltd, 2022.
[11] Dr. Madhu Tyagi, “SECURITY AGAINST CYBER-CRIME:
PREVENTION AND DETECT,” Horizon Books ( A Division of Ignited
Minds Edutech P Ltd), 2017
[12] R. Stair and G. Reynolds, Principles of information systems. Cengage
Learning, 2017.
[13] Committee on National Security Systems Instruction (CNSSI) No. 4009,
“National Information Assurance Glossary,” Committee on National
Security Systems (CNSS), Apr. 2010.
[14] Microsoft, “What is SIEM?,” Microsoft. [Online]. Available:
https://www.microsoft.com/en-us/security/business/security-101/what-
is-siem. [Accessed: Jan. 5, 2023].
[15] Wazuh, “Components – Getting started,” Wazuh. [Online]. Available:
https://documentation.wazuh.com/current/getting-
started/components/index.htm. [Accessed: Jan. 10, 2023].