Spring 2021, No. 1, vol. 3 / Romanian Cyber Security Journal
Automation of Log Analysis Using the Hunting ELK Stack
Mihail Alexandru STAN
Computer networks store data about processes, functional parameters and user activity everyday. The information is stored in log files, which have become mandatory in maintaining the security of a system and helping prevent cyber security incidents. Although logs collect useful data, the large amount of information that needs to be processed is a challenge. One of the log management systems is the ELK open source utility stack. This method of automating log analysis incorporates machine learning techniques. Machine learning methods make it possible to identify, with high precision, the differences between normal and abnormal data, and can thus be used to detect different types of network vulnerabilities. This project aims to implement the HELK stack for a computer network in order to streamline log analysis, detect vulnerabilities and lateral movements of malicious software.
Log files, ELK stack, Log management, Machine learning, Vulnerabilities detection.