<tt>SAIBERSOC</tt>
            : A Methodology and Tool for Experimenting with Security Operation Centers

Rosso, Martin; Campobasso, Michele; Gankhuyag, Ganduulga; Allodi, Luca

doi:10.1145/3491266

Cited by 2 publications

(1 citation statement)

References 27 publications

(32 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…4, this architecture is wellrounded. It incorporates log monitoring, threat intelligence, asset inventory, configuration assessment, compliance monitoring, and automated incident response to detect and respond to security issues [15][16][17][18][19].…”

Section: Architecturementioning

confidence: 99%

Building a Scalable Security Operations Center: A Focus on Open-source Tools

Bassey,

Chinda,

Idowu

2024

J. Eng. Res. Rep.

View full text Add to dashboard Cite

Given the prevalence of a wide variety of cyber attacks against businesses of all sizes, it is essential to ensure that adequate security monitoring of organizational assets and infrastructure is in place to ensure the early detection and response to security incidents. By using a security information and event management (SIEM) tool in collaboration with other security tools, such as an extended detection and response (XDR) tool, all housed in an organizational unit, adequate security monitoring and response to detected incidents can be achieved. This research builds a SOC architecture with various components to ensure complete security visibility across endpoints and digital assets. Then, it proposes low-cost open-source tooling that can be used to implement this architecture. To validate the performance of this architecture, the architecture was implemented using the proposed tools, which included the Wazuh platform as the XDR and SIEM tool, TheHive for case management, and Suricata for network intrusion detection. Subsequently, various cybersecurity scenarios, such as brute force attacks, malware downloads, and DoS attacks, were executed against endpoints monitored by this deployed architecture. The results show that the tools implemented performed the correct exposure assessment and successfully detected and responded to the various scenarios. This paper proposed a security operations center architecture utilizing open-source tools and successfully implemented it to detect common cybersecurity attacks.

show abstract