Design and Implementation of a SIEM (Security Information and Event Management) System in BADR Bank

Abstract

With the development and steady growth of several technologies, I.T. security has become a crucial issue for any business. As the information system is an essential asset of the company, the latter's security is paramount. This project consists of designing and implementing S.I.E.M. security information and event management for B.A.D.R. Bank, a tool that provides a dashboard to monitor the collected events and real-time analysis and alerts from the organization logs network equipment in case of anomalies. Open source tools E.L.K. and Wazuh are used for this solution. The system includes agents installed in multiple endpoints to collect logs from the different sources and send these data in a raw format to the processing server for standardization and parsing. The logs are indexed and stored and used by visualization tools as graphs and tables gathered in dashboards; alerts are created when identifying an attempted attack or anomaly in the system. Keywords: Alerts, attack, detection, E.L.K., logs, log management, monitoring, security, S.I.E.M., supervision, visualization, Wazuh.