Visualization of Vulnerabilities by unmasking windows event logs with Elasticsearch and Kibana

  • P. Roshni Mol et al.

Abstract

The impact of cyber attacks against private organizations and government agencies has created a need for improved security and monitoring of Information Technology assets. Analysis and continuous monitoring of security events is one of the key areas for detecting and preventing security compromises. To perform effective monitoring and analysis of security events, a centralized log management tool is required. This paper proposes an event collection and analysis system to monitor the security of Windows Operating System events using Elasticsearch, Logstash and Kibana. Security alarms and vulnerabilities such as brute-force attacks, authorization theft and reuse, endurance of system, backdoor local account creation and unauthorized remote login can be diagnosed and escalated to security analysts for further analysis. Separate dashboards are used to monitor the analysed events in real time for security alarms. Security events and system events of the Windows 10 operating system were collected for analysis. Elasticsearch was used to create an index, and searches were run against that index. Kibana was used to visualize the Windows event logs.
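As an added illustration (not code from the paper), the snippet below shows the kind of detection logic such a pipeline would run over indexed Windows Security events before surfacing them on a dashboard: a sliding-window count of failed logons per source IP for brute-force attempts, and a listing of account-creation events for backdoor local account review. The events are constructed samples shaped like Logstash/Winlogbeat documents; the field names are assumptions, while the event IDs (4625 failed logon, 4624 successful logon, 4720 user account created) are Microsoft's.

```python
# Added example, not code from the paper. Field names (@timestamp, event_id,
# source_ip, user) are assumed; event IDs 4625/4624/4720 are Microsoft's.
from collections import defaultdict
from datetime import datetime, timedelta


def ev(ts, event_id, source_ip, user):
    return {"@timestamp": ts, "event_id": event_id,
            "source_ip": source_ip, "user": user}


# Constructed sample: six failures from one source in under two minutes,
# then a success from the same source, one stray failure, one account creation.
SAMPLE_EVENTS = (
    [ev(f"2019-12-01T10:0{m}:{s:02d}", 4625, "10.0.0.5", "admin")
     for m, s in [(0, 0), (0, 20), (0, 40), (1, 0), (1, 20), (1, 40)]]
    + [ev("2019-12-01T10:02:00", 4624, "10.0.0.5", "admin"),
       ev("2019-12-01T10:03:00", 4625, "10.0.0.9", "bob"),
       ev("2019-12-01T10:10:00", 4720, "-", "svc_backup")]
)


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Per source IP, count failed logons (4625) inside a sliding time window.
    Returns {ip: {"failed_logons": peak, "followed_by_success": bool}} for
    every IP whose peak count within `window` reaches `threshold`."""
    ordered = sorted(events, key=lambda e: e["@timestamp"])
    fails, success_after = defaultdict(list), set()
    for e in ordered:
        t = datetime.fromisoformat(e["@timestamp"])
        if e["event_id"] == 4625:
            fails[e["source_ip"]].append(t)
        elif e["event_id"] == 4624 and fails.get(e["source_ip"]):
            success_after.add(e["source_ip"])  # success after earlier failures
    alerts = {}
    for ip, times in fails.items():
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {"failed_logons": peak,
                          "followed_by_success": ip in success_after}
    return alerts


def new_local_accounts(events):
    """Account-creation events (4720) to review for backdoor local accounts."""
    return [e["user"] for e in events if e["event_id"] == 4720]
```

Run against SAMPLE_EVENTS, `detect_bruteforce` flags 10.0.0.5 with six failures followed by a success, and `new_local_accounts` returns the single created account.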

Published
2019-12-29
How to Cite
et al., P. R. M. (2019). Visualization of Vulnerabilities by unmasking windows event logs with Elasticsearch and Kibana. International Journal of Advanced Science and Technology, 28(19), 425 - 432. Retrieved from http://sersc.org/journals/index.php/IJAST/article/view/2551
Section
Articles