Optimizing endpoint detection and monitoring in enterprise solution: A cyber threat intelligence approach
Advanced cyber threat intelligence systems are crucial at a time when enterprise solutions are increasing and are being targeted by more sophisticated cyberattacks. This research aims to improve endpoint detection and monitoring in enterprises by installing a Security Information and Event Managemen...
Saved in:
| Published in | Computer and information technology pp. 2683 - 2688 |
|---|---|
| Main Authors | , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
20.12.2024
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 2474-9656 |
| DOI | 10.1109/ICCIT64611.2024.11021895 |
Cover
| Abstract | Advanced cyber threat intelligence systems are crucial at a time when enterprise solutions are increasing and are being targeted by more sophisticated cyberattacks. This research aims to improve endpoint detection and monitoring in enterprises by installing a Security Information and Event Management (SIEM) system based on Wazuh having an open-source robust and flexible Host Intrusion Detection System (HIDS) with integration into ELK Stack. The infrastructure creates a powerful combination of analytical security, intrusion detection, log data analysis, file integrity monitoring (FIM), and vulnerability management capabilities using the Wazuh active response module to detect security threats and continuous monitoring. Wazuh provides a robust and cost-effective solution that instantly detects and monitors simulated attacks such as denial-of-service (DoS) attacks by spotting suspicious file changes in real-time, SSH authentication failure, and identifying the root source of the flood of requests. This study also provides useful insights on designing and deploying comprehensive cybersecurity solutions with open-source tools such as Wazuh, making visual insights for file integrity monitoring (FIM) in real time. |
|---|---|
| AbstractList | Advanced cyber threat intelligence systems are crucial at a time when enterprise solutions are increasing and are being targeted by more sophisticated cyberattacks. This research aims to improve endpoint detection and monitoring in enterprises by installing a Security Information and Event Management (SIEM) system based on Wazuh having an open-source robust and flexible Host Intrusion Detection System (HIDS) with integration into ELK Stack. The infrastructure creates a powerful combination of analytical security, intrusion detection, log data analysis, file integrity monitoring (FIM), and vulnerability management capabilities using the Wazuh active response module to detect security threats and continuous monitoring. Wazuh provides a robust and cost-effective solution that instantly detects and monitors simulated attacks such as denial-of-service (DoS) attacks by spotting suspicious file changes in real-time, SSH authentication failure, and identifying the root source of the flood of requests. This study also provides useful insights on designing and deploying comprehensive cybersecurity solutions with open-source tools such as Wazuh, making visual insights for file integrity monitoring (FIM) in real time. |
| Author | Noor, Jannatun Sarker, Apurba Mondal, Joty Prokash Seraj, Mehnaz |
| Author_xml | – sequence: 1 givenname: Apurba surname: Sarker fullname: Sarker, Apurba email: apurba.sarker@g.bracu.ac.bd organization: Brac University,Department of CSE,Dhaka,Bangladesh – sequence: 2 givenname: Joty Prokash surname: Mondal fullname: Mondal, Joty Prokash email: joytiprokash.mondal@g.bracu.ac.bd organization: Brac University,Department of CSE,Dhaka,Bangladesh – sequence: 3 givenname: Mehnaz surname: Seraj fullname: Seraj, Mehnaz email: seraj.mehnaz@bracu.ac.bd organization: Brac University,Department of CSE,Dhaka,Bangladesh – sequence: 4 givenname: Jannatun surname: Noor fullname: Noor, Jannatun email: jannatun.noor@bracu.ac.bd organization: Brac University,Department of CSE,Dhaka,Bangladesh |
| BookMark | eNo10M1KAzEUBeAoCtbaN3CRF5ia_0zclUHrQKGb7kuSudNGpsmQiYv69LaoqwuHj8PhPqK7mCIghClZUkrMS9s07U4JRemSESauIaO1kTdoYbSpOaeSGmLELZoxoUVllFQPaDFNn4QQqhhlRM5Q2I4lnMJ3iAcMsRtTiAV3UMCXkCK2scOnFENJ-SpCvKACecxhAjyl4euqXvEK-7ODjMsxgy0XVmAYwgGiB2zHMSfrj0_ovrfDBIu_O0e797dd81Fttuu2WW2qYHipaiNcX-tOgVJaOyZ6Z53oCfFcO2eZpZxq2RtdO08k9FQorYTjXCrnvAQ-R8-_tQEA9pehJ5vP-__n8B-_OV3U |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ICCIT64611.2024.11021895 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9798331519094 |
| EISSN | 2474-9656 |
| EndPage | 2688 |
| ExternalDocumentID | 11021895 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IH 6IK 6IL 6IM AAJGR ALMA_UNASSIGNED_HOLDINGS CBEJK IPLJI RIE RIL |
| ID | FETCH-LOGICAL-i93t-894bf87d6e6677b24fbab4f00c37bba2a13175f978bc05ef146764b3356bbc5e3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 01:45:46 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i93t-894bf87d6e6677b24fbab4f00c37bba2a13175f978bc05ef146764b3356bbc5e3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_11021895 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-Dec.-20 |
| PublicationDateYYYYMMDD | 2024-12-20 |
| PublicationDate_xml | – month: 12 year: 2024 text: 2024-Dec.-20 day: 20 |
| PublicationDecade | 2020 |
| PublicationTitle | Computer and information technology |
| PublicationTitleAbbrev | ICCIT |
| PublicationYear | 2024 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0001621205 |
| Score | 1.8947805 |
| Snippet | Advanced cyber threat intelligence systems are crucial at a time when enterprise solutions are increasing and are being targeted by more sophisticated... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 2683 |
| SubjectTerms | Brute-force attack Cyber threat intelligence Denial of Service (DoS) attack Elastic-search ELK Stack Endpoint detection File integrity monitoring (FIM) Filebeat Malware Monitoring Network intrusion detection Pipelines Privacy Real-time monitoring Real-time systems Scalability Security Information and Event Management (SIEM) Threat assessment Visualization Wazuh |
| Title | Optimizing endpoint detection and monitoring in enterprise solution: A cyber threat intelligence approach |
| URI | https://ieeexplore.ieee.org/document/11021895 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LSwMxEA62J08qVnyTg9fdprt57HqTYmkFq4cKvZVMMouLdFvq9mB_vclu16ogeAuBhCGTzCvfzBBy49weYTVXASQKAm6yXpAmsQyUSEViILUSfWjgcSyHL_xhKqbbZPUqFwYRK_AZhn5Y_eXbhVn7UFm35_tQJ6lokZa7Z3Wy1i6gIp0UZqJB67C0O-r3RxPJZc_7gREPm-U_GqlUemRwQMYNBTV85C1clxCaza_ijP8m8ZB0dil79PlLGR2RPSyOSf7kBMI837gZioVdLvKipBbLCn5VUF1YOq_etA_u0bygWEMQ83ekzZ28pXfUfACuaPnqDUyafyviSZuS5B0yGdxP-sNg21shyNO4DJKUQ5YoxwkplYKIZ6CBZ4yZWAHoSPe8XZE5FxMME5h5eSo5OMZKACMwPiHtYlHgKaEGI6bAJkxp5KCkTqRlOhZuF6Uts2ek449ptqyrZ8yaEzr_Y_6C7HtuechIxC5Ju1yt8cop_hKuK4Z_AilHr5w |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwELagDDABoog3HlgT3MSPhA1VoJZHYQgSW-WzLyJCTStIB_j12EnDS0JiszycrDv7Xv7ujpATF_YIq7kKIFEQcJP3gjSJZaBEKhIDqZXoUwO3Izl44FeP4nFRrF7XwiBiDT7D0C_rv3w7NXOfKjvt-TnUSSqWyYoz_Fw05VpfKRXp9DATLV6HpafDfn-YSS57PhKMeNgS-DFKpbYkl-tk1J6hAZA8h_MKQvP-qz3jvw-5QbpfRXv0_tMcbZIlLLdIcedUwqR4dzsUSzubFmVFLVY1AKukurR0Ur9qn96jRUmxASEWr0jbW3lGz6l5A3yh1ZN3MWnxrY0nbZuSd0l2eZH1B8FiukJQpHEVJCmHPFFOFlIqBRHPQQPPGTOxAtCR7nnPIndBJhgmMPcaVXJwopUARmC8TTrltMQdQg1GTIFNmNLIQUmdSMt0LBwVpS2zu6Tr2TSeNf0zxi2H9v7YPyarg-z2ZnwzHF3vkzUvOQ8gidgB6VQvczx0bkAFR7XwPwCGyrLp |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Computer+and+information+technology&rft.atitle=Optimizing+endpoint+detection+and+monitoring+in+enterprise+solution%3A+A+cyber+threat+intelligence+approach&rft.au=Sarker%2C+Apurba&rft.au=Mondal%2C+Joty+Prokash&rft.au=Seraj%2C+Mehnaz&rft.au=Noor%2C+Jannatun&rft.date=2024-12-20&rft.pub=IEEE&rft.eissn=2474-9656&rft.spage=2683&rft.epage=2688&rft_id=info:doi/10.1109%2FICCIT64611.2024.11021895&rft.externalDocID=11021895 |