Abstract: We present a centralized logging system for the collection, aggregation, monitoring and analysis of log data from many data points, built on the open-source Elastic (ELK) stack. ELK comprises three tools: Elasticsearch for storage and search, Logstash for ingestion, and Kibana for visualization. We are developing an easily deployable automation script that remotely installs the required monitoring agents on endpoints. The tool provides Host Intrusion Detection System (HIDS) with threat-hunting capabilities through Wazuh, and Network Intrusion Detection System (NIDS) capabilities through Suricata, Zeek and Snort. Machine learning models are used for threat detection. The system supports on-premises and cloud deployment and lets operators develop custom monitoring rules based on signature heuristics. Because the components are open source, storage is the only recurring cost, which makes the system a more cost-effective replacement for existing systems with comparable capabilities.
Keywords: Elasticsearch stack (ELK stack), Host Intrusion Detection System (HIDS), Network Intrusion Detection System (NIDS), Firewall
DOI: 10.17148/IJARCCE.2024.13608
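As an added illustration of the custom signature-heuristic rules the abstract mentions (example code written for this page, not the authors' tool), the following Python script applies two such rules to a constructed batch of Wazuh-style HIDS alerts and Suricata EVE-style NIDS events, the kind of records a central collector receives before indexing them into Elasticsearch. Assumptions: the collector tags each record with a `source` field, timestamps are simplified to `YYYY-MM-DDTHH:MM:SSZ`, and the Wazuh `rule.groups` value `authentication_failed` marks SSH login failures. Field names follow the public Wazuh alert and Suricata EVE JSON layouts, but every record, IP address and signature string below is constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample batch (not real captured data). The "source" tag is
# assumed to be added by the collector; timestamps are simplified to seconds.
SAMPLE_LINES = [
    '{"timestamp":"2024-06-01T10:00:01Z","source":"wazuh","agent":{"name":"web-01"},'
    '"rule":{"id":"5716","level":5,"groups":["syslog","sshd","authentication_failed"],'
    '"description":"sshd: authentication failed."},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-06-01T10:00:05Z","source":"wazuh","agent":{"name":"web-01"},'
    '"rule":{"id":"5716","level":5,"groups":["syslog","sshd","authentication_failed"],'
    '"description":"sshd: authentication failed."},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-06-01T10:00:12Z","source":"wazuh","agent":{"name":"web-01"},'
    '"rule":{"id":"5716","level":5,"groups":["syslog","sshd","authentication_failed"],'
    '"description":"sshd: authentication failed."},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-06-01T10:00:20Z","source":"wazuh","agent":{"name":"web-01"},'
    '"rule":{"id":"5716","level":5,"groups":["syslog","sshd","authentication_failed"],'
    '"description":"sshd: authentication failed."},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-06-01T10:00:31Z","source":"wazuh","agent":{"name":"web-01"},'
    '"rule":{"id":"5716","level":5,"groups":["syslog","sshd","authentication_failed"],'
    '"description":"sshd: authentication failed."},"data":{"srcip":"203.0.113.9"}}',
    '{"timestamp":"2024-06-01T10:01:00Z","source":"wazuh","agent":{"name":"db-01"},'
    '"rule":{"id":"5716","level":5,"groups":["syslog","sshd","authentication_failed"],'
    '"description":"sshd: authentication failed."},"data":{"srcip":"198.51.100.7"}}',
    '{"timestamp":"2024-06-01T10:03:00Z","source":"wazuh","agent":{"name":"db-01"},'
    '"rule":{"id":"5716","level":5,"groups":["syslog","sshd","authentication_failed"],'
    '"description":"sshd: authentication failed."},"data":{"srcip":"198.51.100.7"}}',
    '{"timestamp":"2024-06-01T10:00:40Z","source":"suricata","event_type":"alert",'
    '"src_ip":"10.0.0.25","dest_ip":"192.0.2.44","alert":{"severity":1,'
    '"signature":"CONSTRUCTED outbound beacon to known C2"}}',
    '{"timestamp":"2024-06-01T10:00:45Z","source":"suricata","event_type":"alert",'
    '"src_ip":"10.0.0.31","dest_ip":"192.0.2.80","alert":{"severity":3,'
    '"signature":"CONSTRUCTED informational scan"}}',
    '{"timestamp":"2024-06-01T10:00:50Z","source":"suricata","event_type":"flow",'
    '"src_ip":"10.0.0.31","dest_ip":"192.0.2.80"}',
    'this line is not JSON and must not crash the pipeline',
    '{"timestamp":"2024-06-01T10:02:00Z","source":"wazuh","agent":{"name":"web-01"},'
    '"rule":{"id":"5715","level":3,"groups":["syslog","sshd","authentication_success"],'
    '"description":"sshd: authentication success."},"data":{"srcip":"10.0.0.5"}}',
]


def parse_ts(ts):
    """Parse the simplified UTC timestamp format used by the constructed records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def load_events(lines):
    """Decode one JSON record per line, skip malformed or untimestamped lines,
    and return the events ordered by time so windowed rules see them in sequence."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # bad input is dropped, not allowed to abort the batch
        if "timestamp" in event:
            events.append(event)
    events.sort(key=lambda e: parse_ts(e["timestamp"]))
    return events


def rule_ssh_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Heuristic: `threshold` or more SSH authentication failures from one source
    IP inside a sliding `window` raise one finding; the window is then reset so
    a sustained attack produces one finding per `threshold` failures."""
    recent = defaultdict(deque)
    findings = []
    for e in events:
        if e.get("source") != "wazuh":
            continue
        if "authentication_failed" not in e.get("rule", {}).get("groups", []):
            continue
        src = e.get("data", {}).get("srcip")
        if not src:
            continue
        now = parse_ts(e["timestamp"])
        q = recent[src]
        q.append(now)
        while q and now - q[0] > window:
            q.popleft()  # expire failures that fell out of the window
        if len(q) >= threshold:
            findings.append({"rule": "custom-ssh-bruteforce", "src_ip": src,
                             "count": len(q), "agent": e.get("agent", {}).get("name"),
                             "last_seen": e["timestamp"]})
            q.clear()
    return findings


def rule_high_severity_nids(events):
    """Signature heuristic: pass through Suricata alerts with severity 1 only."""
    findings = []
    for e in events:
        if e.get("source") != "suricata" or e.get("event_type") != "alert":
            continue
        alert = e.get("alert", {})
        if alert.get("severity") == 1:
            findings.append({"rule": "custom-nids-critical", "src_ip": e.get("src_ip"),
                             "dest_ip": e.get("dest_ip"), "signature": alert.get("signature"),
                             "timestamp": e["timestamp"]})
    return findings


def run_rules(lines):
    """Run every custom rule over a batch of raw log lines and return the findings."""
    events = load_events(lines)
    return rule_ssh_bruteforce(events) + rule_high_severity_nids(events)


if __name__ == "__main__":
    for finding in run_rules(SAMPLE_LINES):
        print(json.dumps(finding))
```

Each rule is an ordinary function over the time-ordered event list, so adding a heuristic means adding one function to `run_rules`; the two points a custom rule most often gets wrong, ignoring malformed input instead of aborting the batch and expiring events that have left the counting window, are handled in `load_events` and the `while` loop. In the constructed batch the five failures from 203.0.113.9 arrive within 30 seconds and trigger the brute-force rule, the two failures from 198.51.100.7 are two minutes apart and do not, and only the severity-1 Suricata alert passes the NIDS rule.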