Implementation of Security Information and Event Management (SIEM) for Monitoring IT Assets Using Alienvault OSSIM (Case Study: Udayana University Information Resources Unit)
Abstract
Monitoring the logs that security devices generate is one way to analyze how those devices are performing, but analyzing the logs from each device separately takes a long time and is difficult, and when the cyber security system is not managed properly, the security system fails. A defense mechanism for managing these logs is therefore needed: Security Information and Event Management (SIEM), implemented here with the AlienVault OSSIM tool. Threat monitoring, the monitoring of security threats in cyberspace, is used to analyze, evaluate and monitor network threats, and serves organizations as an endpoint for evidence of security threats such as network intrusions, data exfiltration, ransomware and other malware attacks. The scope of this study is limited to threat monitoring using AlienVault OSSIM. Six servers at the Udayana University Information Resources Unit (USDI) were monitored for 3 months. In total, 230,622 events were collected; the IT asset that produced the most logs during monitoring was the DNS server, with 200,424 events. Eleven event names and 34 event logs are discussed. The logs are packaged into a report with explanations, which can help administrators evaluate their IT assets; an email notification feature using Gmail is also provided. Overall, no significant attacks were observed, and the risk category was low. AlienVault OSSIM proved able to carry out the monitoring process properly in real time and can help USDI monitor the activity of its IT assets.
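The report described above, which aggregates the collected events per IT asset and per event name, identifies the asset with the most logs, assigns an overall risk category and drafts an email notification for the administrator, as an added example that is not part of the paper and not AlienVault OSSIM's own code. The tab-separated event records, the four-field layout (timestamp, asset, event name, risk score 0-10) and the risk thresholds are all constructed assumptions, not OSSIM's export format or its risk scale:

```python
"""Aggregate SIEM events per asset and draft an administrator report.

Added example, not from the paper or from AlienVault OSSIM. The event lines,
the field layout and the risk thresholds below are constructed assumptions.
"""
from collections import Counter
from email.message import EmailMessage

# Constructed sample events (NOT a real OSSIM export):
# timestamp <TAB> asset <TAB> event name <TAB> risk score (0-10)
SAMPLE_LOG = """\
2023-05-01T10:00:01\tdns-server\tDNS query\t1
2023-05-01T10:00:02\tdns-server\tDNS query\t1
2023-05-01T10:00:03\tdns-server\tDNS query\t1
2023-05-01T10:05:00\tweb-server\tHTTP GET\t1
2023-05-01T10:06:00\tweb-server\tSSH login failed\t4
2023-05-01T10:07:00\tmail-server\tSSH login success\t2
2023-05-01T10:08:00\tdns-server\tDNS zone transfer denied\t3
"""


def parse_events(text):
    """Parse tab-separated event lines into dicts; reject malformed lines."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        ts, asset, name, risk = parts
        events.append({"timestamp": ts, "asset": asset,
                       "event_name": name, "risk": int(risk)})
    return events


def risk_category(risk):
    """Map a 0-10 risk score to a category (thresholds are an assumption)."""
    if risk <= 3:
        return "low"
    if risk <= 6:
        return "medium"
    return "high"


def summarize(events):
    """Count events per asset and per event name; overall risk = highest score."""
    per_asset = Counter(e["asset"] for e in events)
    per_name = Counter(e["event_name"] for e in events)
    max_risk = max((e["risk"] for e in events), default=0)
    top_asset, top_count = per_asset.most_common(1)[0] if per_asset else (None, 0)
    return {
        "total": len(events),
        "per_asset": dict(per_asset),
        "per_event_name": dict(per_name),
        "distinct_event_names": len(per_name),
        "top_asset": top_asset,
        "top_asset_events": top_count,
        "max_risk": max_risk,
        "risk_category": risk_category(max_risk),
    }


def build_notification(summary, sender, recipient):
    """Render the summary as an email message ready for an SMTP client."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = (f"SIEM report: {summary['total']} events, "
                      f"overall risk {summary['risk_category']}")
    lines = [
        f"Total events: {summary['total']}",
        f"Asset with most events: {summary['top_asset']} "
        f"({summary['top_asset_events']} events)",
        f"Distinct event names: {summary['distinct_event_names']}",
        "",
        "Events per asset:",
    ]
    for asset, n in sorted(summary["per_asset"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {asset}: {n}")
    lines += ["", "Events per name:"]
    for name, n in sorted(summary["per_event_name"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {name}: {n}")
    msg.set_content("\n".join(lines))
    return msg


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE_LOG))
    # Addresses are placeholders; a real deployment would hand this message
    # to smtplib (for Gmail, smtplib.SMTP_SSL("smtp.gmail.com", 465)).
    print(build_notification(report, "siem@example.invalid", "admin@example.invalid"))
```

The message is only drafted, not sent, so the block runs offline; on the constructed input the DNS server is the top asset with 4 of 7 events, mirroring the paper's finding that the DNS server dominated the event volume, and the single failed SSH login lifts the overall category to "medium" under the assumed thresholds.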