Optimizing endpoint detection and monitoring in enterprise solution: A cyber threat intelligence approach

Bibliographic details
Published in: Computer and Information Technology, pp. 2683-2688
Authors: Apurba Sarker, Joty Prokash Mondal, Mehnaz Seraj, Jannatun Noor
Format: Conference proceeding
Language: English
Publisher: IEEE, 20.12.2024
ISSN: 2474-9656
DOI: 10.1109/ICCIT64611.2024.11021895

Summary: Advanced cyber threat intelligence systems are crucial at a time when enterprise solutions are proliferating and are being targeted by increasingly sophisticated cyberattacks. This research aims to improve endpoint detection and monitoring in enterprises by deploying a Security Information and Event Management (SIEM) system based on Wazuh, an open-source, robust and flexible Host Intrusion Detection System (HIDS), integrated with the ELK Stack. The resulting infrastructure combines security analytics, intrusion detection, log data analysis, file integrity monitoring (FIM) and vulnerability management, using the Wazuh active response module for threat detection and continuous monitoring. Wazuh provides a robust and cost-effective solution that instantly detects and monitors simulated attacks such as denial-of-service (DoS) attacks: it spots suspicious file changes in real time, flags SSH authentication failures, and identifies the root source of the flood of requests. This study also provides useful insights into designing and deploying comprehensive cybersecurity solutions with open-source tools such as Wazuh, including real-time visual insights for file integrity monitoring (FIM).