Abstract

In security information and event management (SIEM), real-time monitoring combined with analysis of log data for event correlation can provide anomaly detection and notification. SIEM requires a centralized log system backed by big-data databases to store and manage the log data. In this paper, we present a dockerized Elastic Stack for security information and event management, chosen mainly for its light weight, simplicity and supporting features. One important Elasticsearch feature is security information: Elasticsearch can act as an Intrusion Detection System (IDS) alongside log/event management as a SIEM. Our experiments show that a dockerized Elastic Stack can be used efficiently for security information and event management.
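The event correlation the abstract describes, shown as an added example that is not part of the paper: a sliding-window rule over constructed failed-login log lines raises an alert when one source crosses a failure threshold, and the same rule is expressed as an Elasticsearch aggregation query for the indexed log store. The ECS-style field names, the threshold and the window are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; ECS-style field names are an assumption.
SAMPLE_LOGS = """\
{"@timestamp":"2024-01-01T10:00:00Z","event.outcome":"failure","source.ip":"203.0.113.5","user.name":"root"}
{"@timestamp":"2024-01-01T10:00:20Z","event.outcome":"failure","source.ip":"203.0.113.5","user.name":"admin"}
{"@timestamp":"2024-01-01T10:00:40Z","event.outcome":"failure","source.ip":"203.0.113.5","user.name":"test"}
{"@timestamp":"2024-01-01T10:01:00Z","event.outcome":"success","source.ip":"198.51.100.7","user.name":"alice"}
{"@timestamp":"2024-01-01T10:01:10Z","event.outcome":"failure","source.ip":"203.0.113.5","user.name":"guest"}
{"@timestamp":"2024-01-01T10:30:00Z","event.outcome":"failure","source.ip":"198.51.100.7","user.name":"alice"}
"""

def parse_events(text):
    """Parse JSON lines into time-ordered (timestamp, outcome, source ip) tuples."""
    events = []
    for line in filter(None, text.splitlines()):
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["@timestamp"].replace("Z", "+00:00"))
        events.append((ts, rec["event.outcome"], rec["source.ip"]))
    return sorted(events)

def correlate_failed_logins(events, threshold=4, window=timedelta(minutes=5)):
    """Alert once per source when its failures inside `window` reach `threshold`."""
    # A per-source deque keeps only failures still inside the window, so the
    # rule runs in a single pass and suits a streaming log pipeline.
    recent, alerts = defaultdict(deque), []
    for ts, outcome, src in events:
        if outcome != "failure":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:          # evict failures older than the window
            q.popleft()
        if len(q) == threshold:            # threshold crossed: notify once
            alerts.append({"source.ip": src, "failures": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts

def es_failed_login_query(threshold=4, window="5m"):
    """Same rule as an Elasticsearch aggregation body (assumed field names)."""
    return {"size": 0,
            "query": {"bool": {"filter": [{"term": {"event.outcome": "failure"}},
                                          {"range": {"@timestamp": {"gte": f"now-{window}"}}}]}},
            "aggs": {"by_src": {"terms": {"field": "source.ip", "min_doc_count": threshold}}}}
```

Running `correlate_failed_logins(parse_events(SAMPLE_LOGS))` on the sample yields a single alert for 203.0.113.5 after its fourth failure, while the lone failure from 198.51.100.7 stays below the threshold.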
