Overview:

The purpose of this project is to deploy two Intrusion Detection Systems (IDS), Suricata and Bro IDS, on the Living Lab server in order to monitor network traffic, extract transferred files, and ship all logs and alerts to an ELK stack. All logs and alerts are then indexed and visualized through the ELK stack.

Suricata is a free and open source Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). It implements a complete signature language for matching known threats, policy violations, and malicious behaviour. Bro (renamed Zeek in 2018) is also an open source network security monitor; rather than matching signatures, it provides a scripting framework that decodes protocols and writes structured per-protocol logs (connections, HTTP, DNS, files) for analysis.

The ELK stack consists of Elasticsearch, Logstash, and Kibana and is used here to centralize the data: Filebeat ships the Suricata and Bro log files, Logstash parses and normalizes them, Elasticsearch indexes them, and Kibana searches and visualizes them. Its main purpose in IT environments is log analysis; centralizing the logs makes searching and analyzing large volumes of events fast enough to support near-real-time decisions.
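The pipeline described above, from sensor log files to Elasticsearch documents, as an added example (this is not code from the Living Lab project): it parses a constructed Suricata eve.json fragment and a constructed Bro conn.log fragment, normalizes both into one document schema so that Kibana can pivot between the two sensors on the same flow, and renders Elasticsearch `_bulk` input. This is the work Logstash filters do in the deployed stack; the sample log lines, the output field names (`sensor`, `src_ip`, `dest_ip`, ...) and the index name `livinglab-ids` are assumptions made for the example.

```python
"""Normalize Suricata EVE JSON and Bro TSV logs into ELK-ready documents.

Added example, not part of the Living Lab project. All sample input below is
constructed for illustration; field names in the output are assumptions.
"""
import json
from datetime import datetime, timezone

# Constructed Suricata eve.json content: one JSON object per line. The last
# line is deliberately torn, as happens when a log is read mid-write.
SURICATA_EVE_LINES = [
    '{"timestamp":"2019-05-01T12:00:00.123456+0000","flow_id":1,"event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51515,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2019-05-01T12:00:01.000000+0000","flow_id":1,"event_type":"fileinfo",'
    '"src_ip":"93.184.216.34","src_port":80,"dest_ip":"10.0.0.5","dest_port":51515,"proto":"TCP",'
    '"fileinfo":{"filename":"/index.html","size":1256,"stored":true}}',
    '{"timestamp":"2019-05-01T12:00:02.000000+0000","event_type":"dns","src_ip"',
]

# Constructed Bro conn.log: tab-separated, with '#' metadata lines that
# declare the column names and types. The real file uses literal tabs too.
BRO_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring",
    "1556712000.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51515\t93.184.216.34\t80\ttcp\thttp\t0.250000\t400\t1256\tSF",
    "#close\t2019-05-01-12-01-00",
])


def parse_suricata_eve(lines):
    """Yield one dict per EVE line; a torn or malformed line is skipped, not fatal."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def _bro_cast(value, btype, unset, empty):
    """Apply the Bro column type so ports and byte counts index as numbers, not strings."""
    if value == unset:
        return None
    if value == empty:
        return ""
    if btype in ("port", "count", "int"):
        return int(value)
    if btype in ("time", "interval", "double"):
        return float(value)
    if btype == "bool":
        return value == "T"
    return value


def parse_bro_log(text):
    """Parse a Bro TSV log using its own #fields/#types headers; yields typed dicts."""
    fields, types, unset, empty = [], [], "-", "(empty)"
    for raw in text.splitlines():
        if raw.startswith("#fields\t"):
            fields = raw.split("\t")[1:]
        elif raw.startswith("#types\t"):
            types = raw.split("\t")[1:]
        elif raw.startswith("#unset_field\t"):
            unset = raw.split("\t")[1]
        elif raw.startswith("#empty_field\t"):
            empty = raw.split("\t")[1]
        elif raw.startswith("#") or not raw:
            continue  # other metadata (#separator, #path, #open, #close)
        else:
            values = raw.split("\t")
            if len(values) != len(fields):
                continue  # truncated line: skip rather than misalign columns
            col_types = types or ["string"] * len(fields)
            yield {f: _bro_cast(v, t, unset, empty) for f, v, t in zip(fields, values, col_types)}


def normalize_suricata(event):
    """Map a Suricata event onto the shared schema; keep the per-event sub-object (alert, fileinfo, ...)."""
    ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    doc = {"@timestamp": ts.isoformat(), "sensor": "suricata", "event_type": event.get("event_type"),
           "src_ip": event.get("src_ip"), "src_port": event.get("src_port"),
           "dest_ip": event.get("dest_ip"), "dest_port": event.get("dest_port"),
           "proto": (event.get("proto") or "").lower()}
    kind = event.get("event_type")
    if kind in event:
        doc[kind] = event[kind]
    return doc


def normalize_bro_conn(rec):
    """Map a Bro conn record onto the shared schema (originator = src, responder = dest)."""
    ts = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
    return {"@timestamp": ts.isoformat(), "sensor": "bro", "event_type": "conn",
            "src_ip": rec["id.orig_h"], "src_port": rec["id.orig_p"],
            "dest_ip": rec["id.resp_h"], "dest_port": rec["id.resp_p"], "proto": rec["proto"],
            "conn": {k: rec[k] for k in ("uid", "service", "duration", "orig_bytes", "resp_bytes", "conn_state")}}


def build_documents():
    docs = [normalize_suricata(e) for e in parse_suricata_eve(SURICATA_EVE_LINES)]
    docs += [normalize_bro_conn(r) for r in parse_bro_log(BRO_CONN_LOG)]
    return docs


def correlate_by_flow(docs):
    """Group documents by direction-agnostic 5-tuple so an alert, the file it carried
    and the Bro connection record land in one bucket regardless of which side sent it."""
    groups = {}
    for d in docs:
        key = (frozenset([(d["src_ip"], d["src_port"]), (d["dest_ip"], d["dest_port"])]), d["proto"])
        groups.setdefault(key, []).append(d)
    return groups


def to_bulk_body(docs, index="livinglab-ids"):
    """Render documents as Elasticsearch _bulk NDJSON: an action line, then the source line."""
    out = []
    for d in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(d))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(to_bulk_body(build_documents()), end="")
```

The `_bulk` body can be POSTed as-is to `http://localhost:9200/_bulk` with `Content-Type: application/x-ndjson`; in the deployed stack Filebeat and Logstash replace the file reading and normalization, but the field mapping decisions (typed Bro columns, one timestamp format, a shared 5-tuple) are the ones worth making before the first index is created.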

Requirements:

  • Linux Ubuntu
  • Suricata
  • Bro IDS
  • Elasticsearch
  • Logstash
  • Kibana
  • Oracle Java Development Kit
  • Filebeat

Project Student: Jonghyeon Kim (Ethan)
