|
|
Tool for generalizing automated SOAR scenarios for cybersecurity knowledge sharing
Ištoňová, Miriam ; Dobiáš, Patrik (referee) ; Safonov, Yehor (advisor)
Today’s era could be defined as quantity, speed and possibilities. Security monitoring centers have responded to the challenge of an unrelenting amount of information with monitoring and categorization tools such as SIEM. However, in case of incidents themselves, the speed and automation of response is offered by an advanced SOAR solution. Like any technology, SOAR offered by different companies also contributes to the variety of individual response scenario structures and formats, bringing the clear challenge of simplification, collaboration and generalization. Therefore, the bachelor thesis focuses on the implementation of a conversion tool, with the goal of unifying and generalizing the format of automated SOAR scenarios using the evolving CACAO playbook standard. The main benefit of the tool is the ability to unify the use of SOAR scenarios, ensure successful conversion and thus facilitate knowledge sharing in the field of cybersecurity. The theoretical part of this thesis focuses on the current issue of security monitoring, explains the importance of automation within incident response and offers a detailed analysis and comparison of available technologies and formats of automated incident response playbooks. The practical part is closely related and depends on the results of the analysis. It focuses on the selection and design of a suitable format for the description of the individual automatic response scenarios as well as the following final implementation of the conversion tool itself.
|
|
|
Automated network for deceiving attackers through illusory assets in cyberspace
Maťaš, Matúš ; Lieskovan, Tomáš (referee) ; Safonov, Yehor (advisor)
The bachelor thesis deals with the design of a fake network to deceive attackers using SIEM to monitor network activity and SOAR to create scenarios with automatic countermeasures. The theoretical part of the thesis is describes the principles of attacker deception technologies, security monitoring and automated responses to security incidents. The practical part provides a detailed analysis of available tools for deceiving attackers. Subsequently, the design of a fake network is created with the use of virtual devices. The network incorporates a SIEM system for device monitoring and centralized log collection, and a SOAR system for creating scenarios with automatic countermeasures in the case of a security incident. The practical result of this work is the creation of a real network to deceive attackers with fake devices and the combination of advanced SIEM and SOAR solutions. Several attacks have been designed and simulated within this constructed network. Automated countermeasures have subsequently been created to respond to them.
|
|
|
Advanced Web-based Tool for Managing Security Correlation Rules and Cybersecurity Responses
Hemza, Martin ; Firc, Anton (referee) ; Malinka, Kamil (advisor)
Cílem této bakalářské práce je vyvinout pokročilý webový nástroj pro správu bezpečnostních korelačních pravidel a kyberbezpečnostních reakcí, který se zaměřuje na technologie SIEM a SOAR. Důvodem vzniku této práce je absence standardizovaného formátu zdrojů těchto technologií. V rámci práce byly nalezeny právě takovéto formáty a byl vytvořen webový nástroj pro jejich správu a navrhování. Rozhraní pro správu SOAR scénářů zahrnuje vizualizaci ve formě rozhodovacího stromu. Aplikace využívá architekturu mikroslužeb s integrací verzovacího systému Git. Součástí testování byl proveden popis útoku a využití vzniklého nástroje. Vytvořený nástroj umožňuje bezpečnostním analytikům rychle navrhovat a spravovat zdroje pro detekci a odezvě na bezpečnostní hrozby.
|
guest ::
