|
|
Tool for generalizing automated SOAR scenarios for cybersecurity knowledge sharing
Ištoňová, Miriam ; Dobiáš, Patrik (oponent) ; Safonov, Yehor (vedoucí práce)
Today’s era could be defined as quantity, speed and possibilities. Security monitoring centers have responded to the challenge of an unrelenting amount of information with monitoring and categorization tools such as SIEM. However, in case of incidents themselves, the speed and automation of response is offered by an advanced SOAR solution. Like any technology, SOAR offered by different companies also contributes to the variety of individual response scenario structures and formats, bringing the clear challenge of simplification, collaboration and generalization. Therefore, the bachelor thesis focuses on the implementation of a conversion tool, with the goal of unifying and generalizing the format of automated SOAR scenarios using the evolving CACAO playbook standard. The main benefit of the tool is the ability to unify the use of SOAR scenarios, ensure successful conversion and thus facilitate knowledge sharing in the field of cybersecurity. The theoretical part of this thesis focuses on the current issue of security monitoring, explains the importance of automation within incident response and offers a detailed analysis and comparison of available technologies and formats of automated incident response playbooks. The practical part is closely related and depends on the results of the analysis. It focuses on the selection and design of a suitable format for the description of the individual automatic response scenarios as well as the following final implementation of the conversion tool itself.
|
|
|
Automated network for deceiving attackers through illusory assets in cyberspace
Maťaš, Matúš ; Lieskovan, Tomáš (oponent) ; Safonov, Yehor (vedoucí práce)
The bachelor thesis deals with the design of a fake network to deceive attackers using SIEM to monitor network activity and SOAR to create scenarios with automatic countermeasures. The theoretical part of the thesis is describes the principles of attacker deception technologies, security monitoring and automated responses to security incidents. The practical part provides a detailed analysis of available tools for deceiving attackers. Subsequently, the design of a fake network is created with the use of virtual devices. The network incorporates a SIEM system for device monitoring and centralized log collection, and a SOAR system for creating scenarios with automatic countermeasures in the case of a security incident. The practical result of this work is the creation of a real network to deceive attackers with fake devices and the combination of advanced SIEM and SOAR solutions. Several attacks have been designed and simulated within this constructed network. Automated countermeasures have subsequently been created to respond to them.
|
|
|
Advanced Web-based Tool for Managing Security Correlation Rules and Cybersecurity Responses
Hemza, Martin ; Firc, Anton (oponent) ; Malinka, Kamil (vedoucí práce)
The aim of this bachelor thesis is to develop an advanced web-based tool for managing security correlation rules and cybersecurity responses, focusing on SIEM and SOAR technologies. The reason for this thesis is the lack of a standardized resource format for these technologies. As part of this work, these formats were found and a web tool was created to manage and design them. The interface for managing SOAR scenarios includes a visualization in the form of a decision tree. The application uses a microservices architecture with integration of the Git versioning system. Testing included a description of an attack and the use of the developed tool. The created tool allows security analysts to quickly design and manage resources for detecting and responding to security threats.
|
host ::
RSS.