Deep Learning Anomaly-Based SIEM Platform
Tamimi June 02, 2019 [Professional] #Software #AI #Deep Learning #Engineering #CyberSecurity
Img1: Project Launch
Introduction
The goal of this PoC project is to use ML/AI within a SIEM to detect anomalies in the network and/or on the endpoints and to alert the SOC team about them.
Img2: Project Workshop
The SIEM was built on top of several open source components, such as CoreOS, Docker with Rancher, and Kubernetes orchestration. It can be deployed in a cloud such as AWS or as a bare-metal/virtual machine appliance, and it can be scaled for enterprise use. Its main features are listed below.
Img3: SIEM high-level components
High level features
- ElastAlert and Event Monitor alerting.
- Wazuh (OSSEC fork) with full integration for Host Intrusion Detection and PCI DSS.
- Granular access with different views: CISO view, SOC view, etc.
- Incident alerting via email or SMS, and integration with Slack/Jira/Telegram.
- Open-AudIT by Opmantek.
- Compliance reports for PCI DSS and GDPR.
- OSINT orchestration, primarily from Palo Alto, Carbon Black and Cisco Umbrella.
- Open source incident response: alerts are then reviewed by a human to eliminate false positives.
- Dashboard with instant updates.
- The ability to integrate it with other tools such as OpenVAS, Nessus, etc.
Img4: Meeting with the client and demonstrating the project