In the current digital era, information security has become a primary focus for organizations worldwide. Rapid technological advancements have brought significant benefits but have also introduced increasingly sophisticated cyber threats and attacks. One approach to addressing these challenges is Security Information and Event Management (SIEM). SIEM integrates Security Information Management (SIM) and Security Event Management (SEM) to collect, analyze, and report security data from various network sources, enabling more effective detection, response, and management of security incidents. This study focuses on handling server attacks using Wazuh SIEM as an early warning system. The methodology involves setting up a network topology to detect Distributed Denial of Service (DDoS) attacks using SIEM, collecting and analyzing log data, correlating the data to identify threats, and responding to the detected threats. The results indicate that SIEM is crucial in modern cybersecurity, providing real-time threat detection and response capabilities. The system successfully detected and blocked 42 attacks during the trial. In conclusion, SIEM offers greater security visibility and control, enabling organizations to detect and respond to complex security threats efficiently and effectively. Modern SIEM systems, equipped with advanced analytics and machine learning, can identify anomalous patterns and new threats, thus strengthening an organization's cybersecurity defenses.
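As an added illustration of the correlation-and-response step summarized above (counting events per source within a time window and blocking the source once a threshold is crossed, the same frequency/timeframe logic a Wazuh rule with active response applies), the following example code is not from the study; the log format, thresholds and block timeout are constructed assumptions.

```python
"""Threshold-style correlation of the kind a SIEM rule applies to
connection logs: count events per source IP inside a sliding time
window and raise an alert plus a block decision when the count
reaches a threshold.  All log lines below are constructed samples."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-like lines, one connection attempt per line.
SAMPLE_LOGS = """\
2024-05-01T10:00:00 webserver conn src=203.0.113.7 dst_port=80
2024-05-01T10:00:01 webserver conn src=203.0.113.7 dst_port=80
2024-05-01T10:00:01 webserver conn src=198.51.100.4 dst_port=80
2024-05-01T10:00:02 webserver conn src=203.0.113.7 dst_port=80
2024-05-01T10:00:03 webserver conn src=203.0.113.7 dst_port=80
2024-05-01T10:00:04 webserver conn src=203.0.113.7 dst_port=80
2024-05-01T10:02:00 webserver conn src=198.51.100.4 dst_port=80
2024-05-01T10:02:01 webserver conn src=198.51.100.4 dst_port=80
"""

def parse_line(line):
    """Return (timestamp, source_ip) for one constructed log line."""
    ts, _host, _kind, src, _port = line.split()
    return datetime.fromisoformat(ts), src.removeprefix("src=")

def correlate(lines, frequency=5, timeframe=60, block_timeout=600):
    """Alert when one source produces `frequency` events within
    `timeframe` seconds (assumed thresholds).  A triggered source is
    treated as blocked for `block_timeout` seconds; its further events
    are dropped so the same flood does not raise duplicate alerts."""
    window = timedelta(seconds=timeframe)
    recent = defaultdict(deque)   # source ip -> timestamps in window
    blocked_until = {}            # source ip -> end of block period
    alerts = []                   # (timestamp, source ip, event count)
    for line in lines.strip().splitlines():
        ts, src = parse_line(line)
        if src in blocked_until and ts < blocked_until[src]:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # expire old events
            q.popleft()
        if len(q) >= frequency:
            alerts.append((ts, src, len(q)))
            blocked_until[src] = ts + timedelta(seconds=block_timeout)
            q.clear()
    return alerts

if __name__ == "__main__":
    for ts, src, n in correlate(SAMPLE_LOGS):
        print(f"{ts.isoformat()} block {src}: {n} events in window")
```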