Romanian Cyber Security Journal / Spring 2021, No. 1, Vol. 3
Automation of Log Analysis Using the Hunting ELK Stack
Abstract
Computer networks store data about processes, functional parameters and user activity every day. This information is recorded in log files, which have become mandatory for maintaining the security of a system and for helping to prevent cyber security incidents. Although logs collect useful data, the large amount of information that has to be processed is a challenge. One of the available log management systems is the open source ELK utility stack. The method of automating log analysis presented here incorporates machine learning techniques. Machine learning methods make it possible to distinguish, with high precision, between normal and abnormal data, and can therefore be used to detect different types of network vulnerabilities. This project aims to implement the HELK stack for a computer network in order to streamline log analysis and to detect vulnerabilities and lateral movement of malicious software.
Keywords
Machine learning, ELK stack, Log files, Vulnerabilities detection, Log management