1. IPB Scientific Repository
  2. Dissertations and Theses
  3. Undergraduate Theses
  4. UT - Faculty of Mathematics and Natural Sciences
  5. UT - Computer Science
Please use this identifier to cite or link to this item: http://repository.ipb.ac.id/handle/123456789/136766
Title: Analisis Integrasi Security Information and Event Management (SIEM) Wazuh dengan Suricata pada Azure Cloud Web Server
Authors: Neyman, Shelvie
Fachruddin, Luthfi
Issue Date: 2023
Publisher: IPB University
Abstract: Beberapa tools monitoring yang berfungsi untuk memberikan peringatan (alert) terkait keamanan pada agent yang ada pada jaringan cloud adalah Security Information and Event Management (SIEM) dan Intrusion Detection System (IDS). Wazuh merupakan salah satu open-source SIEM dan suricata adalah open-source IDS yang masing-masing memiliki kelebihan dan kekurangan. Penelitian ini bertujuan untuk mengintegrasikan SIEM wazuh dengan suricata pada azure cloud web server agar dapat memiliki rule yang lebih kaya sehingga bisa meningkatkan performa deteksi serta menampilkan output log pada suatu dashboard wazuh manager berbasis web. Metode yang digunakan adalah pendekatan terhadap metode Network Development Life Cycle (NDLC). Penelitian ini berhasil menguji sistem pada skenario serangan DoS SYN flood, SQL injection, bruteforce, suspicious network traffic, dan malicious file monitoring. Hasil percobaan menunjukkan bahwa SIEM wazuh tanpa suricata hanya mampu mendeteksi 2 dari 5 skenario penyerangan sementara dengan suricata dapat mendeteksi 4 dari 5 skenario penyerangan, serta berhasil didapatkan juga analisis terhadap penggunaan CPU dan RAM.
Several monitoring tools that function to provide security-related warnings to agents on cloud networks are Security Information and Event Management (SIEM) and Intrusion Detection System (IDS). Wazuh is an open source SIEM and suricata is an open source IDS, each of which has advantages and disadvantages. This research aims to integrate Wazuh SIEM with Suricata on Azure Cloud Web Server so that it can have richer rules that can improve detection performance and display log output on the web-based Wazuh Manager dashboard. The method used is the Network Development Life Cycle (NDLC) method approach. This research successfully tested the system in scenarios of DoS SYN flooding, SQL injection, brute force, suspicious network traffic, and malicious file attack monitoring. The experimental results show that SIEM wazuh without Suricata is only able to detect 2 out of 5 attack scenarios, whereas with Suricata it can detect 4 out of 5 attack scenarios, and analysis of CPU and RAM usage is also obtained.
URI: http://repository.ipb.ac.id/handle/123456789/136766
Appears in Collections:UT - Computer Science

Files in This Item:
File Description SizeFormat 
Cover.pdf
  Restricted Access		Cover365.62 kBAdobe PDFView/Open
G64180025_Luthfi Fachruddin.pdf
  Restricted Access		Fullteks2.49 MBAdobe PDFView/Open
Lampiran.pdf
  Restricted Access		Lampiran1.11 MBAdobe PDFView/Open
Show full item record Recommend this item


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.