
Tr. SPIIRAN, 2017 Issue 54, Pages 5–34 (Mi trspy964)

This article is cited in 5 papers

Information Security

A system for collecting, storing and processing security information and events based on Elastic Stack tools

I. V. Kotenko (a), A. A. Kuleshov (b), I. A. Ushakov (b)

(a) St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS)
(b) Federal State Budget-Financed Educational Institution of Higher Education, The Bonch-Bruevich Saint Petersburg State University of Telecommunications (SPbSUT)

Abstract: The paper considers an approach to the design of a system for collecting, storing and processing security information and events based on Elastic Stack tools. The tasks of monitoring and incident management are analyzed; architectural solutions for monitoring systems are studied; requirements for such systems are defined; and an architecture for systems that collect, store and process security information and events is proposed. The software prototype developed on this basis is described, and the results of experiments are presented.
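The abstract describes the three stages such a system implements with Elastic Stack: collecting raw events (Logstash), storing them as structured documents (Elasticsearch) and processing them for security analysis (Elasticsearch aggregations and Kibana). The following is an added example, not code from the paper or its prototype. It walks a few constructed sshd syslog lines through those stages in plain Python so the data shapes are visible: a parser standing in for a Logstash grok filter, the Elasticsearch `_bulk` NDJSON body the documents would be indexed with, and a failed-login threshold check standing in for the terms aggregation one would run in Kibana. The ECS-style field names (`event.outcome`, `source.ip`, ...), the index name, the sample log lines and the threshold are all assumptions made here, not the paper's schema or parameters.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input (not from the paper): classic BSD-syslog lines from sshd.
SAMPLE_SYSLOG = """\
Mar 12 10:01:02 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 12 10:01:05 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 12 10:01:09 web01 sshd[2240]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 12 10:02:41 web01 sshd[2251]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2
Mar 12 10:03:15 db01 sshd[911]: Failed password for postgres from 192.0.2.55 port 33001 ssh2
"""

# Header of a BSD-syslog line: "Mon DD HH:MM:SS host program[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<month>\w{3}) (?P<day>[ \d]\d) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<program>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# sshd authentication outcome; "invalid user" prefix is optional.
SSHD_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)
MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], 1)}


def parse_line(line, year=2017):
    """Collection stage: turn one syslog line into a flat document with ECS-style
    field names (an assumption here, not the paper's schema). BSD syslog carries no
    year, so the caller supplies it. Returns None for lines that do not parse, so the
    caller can count them instead of silently dropping them."""
    m = SYSLOG_RE.match(line)
    if not m or m["month"] not in MONTHS:
        return None
    ts = datetime(year, MONTHS[m["month"]], int(m["day"]),
                  *map(int, m["time"].split(":")), tzinfo=timezone.utc)
    event = {
        "@timestamp": ts.isoformat(),
        "host.name": m["host"],
        "process.name": m["program"],
        "message": m["msg"],
    }
    s = SSHD_RE.match(m["msg"])
    if m["program"] == "sshd" and s:
        event.update({
            "event.category": "authentication",
            "event.outcome": "success" if s["outcome"] == "Accepted" else "failure",
            "user.name": s["user"],
            "source.ip": s["ip"],
            "source.port": int(s["port"]),
        })
    return event


def to_bulk(events, index="security-events-2017.03"):
    """Storage stage: serialize documents as an Elasticsearch _bulk body (NDJSON,
    one action line followed by one document line per event). Index name is a
    hypothetical choice; Elasticsearch 7+ format, older versions also needed _type."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(ev, sort_keys=True))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline


def brute_force_candidates(events, threshold=3):
    """Processing stage: failed authentications per source.ip, the same question a
    Kibana visualization answers with a terms aggregation filtered on
    event.outcome:failure. Threshold is a hypothetical tuning parameter."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get("event.category") == "authentication" and ev["event.outcome"] == "failure":
            counts[ev["source.ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def process(raw, threshold=3):
    """Run all three stages over raw syslog text and report unparsed lines as well,
    since a monitoring system that drops what it cannot parse hides its own blind spots."""
    events, unparsed = [], 0
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return {"events": events, "unparsed": unparsed,
            "bulk": to_bulk(events), "alerts": brute_force_candidates(events, threshold)}


if __name__ == "__main__":
    result = process(SAMPLE_SYSLOG)
    print(result["bulk"])
    print("unparsed:", result["unparsed"], "alerts:", result["alerts"])
```

In a deployed pipeline the `parse_line` logic lives in a Logstash `grok` filter and `to_bulk` is what the Logstash `elasticsearch` output sends on your behalf; keeping the `unparsed` counter (Logstash tags such events `_grokparsefailure`) matters because a detection built on top of the index can only see what was parsed.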

Keywords: security information and event management; Big Data; SIEM systems; Elastic Stack; Elasticsearch; Logstash; Kibana.

UDC: 004.056.53

DOI: 10.15622/sp.54.1
