
| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Vethanayagam, Suhanthan | |
| dc.description.abstract | Access log management is an essential part of cybersecurity. Lack of insight into user authentication patterns can hinder readiness and reaction to the growing threat of cyberattacks. Central Authentication Service (CAS) log is underutilized in threat detection due to its detailed and complex logging nature. This paper investigates the feasibility of turning unfriendly CAS logs into helpful datapoints utilizing Elastic Stack (Filebeat, Logstash, Elasticsearch and Kibana) to detect anomalies. CAS logs are collected by Filebeat and forwarded to Logstash. The deployment of a custom Grok filter in Logstash facilitates the normalization of complex CAS logs and the resulting data is indexed in Elasticsearch. A Python program using Elasticsearch’s aggregate function was developed to query the indexed data and compare password and multi-factor submission counts. This mechanism was found to have potential in detecting threats. Finally, Kibana’s rich visualization capabilities allow for exploring and shaping of data in innovative ways. | en_US |
| dc.publisher | North Dakota State University | en_US |
| dc.rights | NDSU policy 190.6.2 | en_US |
| dc.title | Threat Identification from Access Logs Using Elastic Stack | en_US |
| dc.type | Master's paper | en_US |
| dc.date.accessioned | 2020-12-31T15:28:13Z | |
| dc.date.available | 2020-12-31T15:28:13Z | |
| dc.date.issued | 2020 | |
| dc.identifier.uri | https://hdl.handle.net/10365/31678 | |
| dc.subject.lcsh | Computer security. | |
| dc.subject.lcsh | Computer networks -- Security measures. | |
| dc.subject.lcsh | Computers -- Access control. | |
| dc.subject.lcsh | Computer networks -- Access control. | |
| dc.subject.lcsh | Application logging (Computer science) | |
| dc.rights.uri | https://www.ndsu.edu/fileadmin/policy/190.pdf | en_US |
| ndsu.degree | Master of Science (MS) | en_US |
| ndsu.college | Engineering | en_US |
| ndsu.department | Computer Science | en_US |
| ndsu.program | Computer Science | en_US |
| ndsu.advisor | Denton, Anne | |

