Development of a Security information event and management system Using ELK Stack and Nagios.

Abstract

Multi devices need to be monitoring 24/7, we need a system to help us to track, alert,…etc, via the internet connection. Security Information and Event Management acronym SIEM will help you to handle that. SIEM system design to collect local logs,event or security logs from enddevices and from that analyze all that logs. SIEM will help us focus and detect attacks that can not be detected by conventional solutions like IDS/IPS, Firewall,….etc, and improve our effectiveness when troubleshooting. That is the reason why we want to develop SIEMs using ELK stack and Nagios with Grafana in our project. By using open-source software, both ELK stack and Nagios is the good choice to build a SIEM solution with lowcost and easy to use, and with Grafana, open-source software to provide us a professional interface to monitor. We also build a virtual environment for the project. The environment will be basically in the real world when the organization wants to monitor the assets.