Monitoring and analysing anomaly activities in a network using packetbeat

Abstract

The primary intention of any organization is to provide security for their information because they are sensitive to different types of threats that might cause damage to providing services to their customers which will lead to disaster. This paper will draw more attention to protecting the client’s systems from various network attacks by monitoring and analyzing the network traffic. Packet analysis can help us to identify the malicious network traffic, which is going to harm the entire systems connected to that network so that we can have some knowledge from the information extracted by analyzing network packets that will help us to get aware of the vulnerabilities and to resolve them before we become victims. Once we install the Packetbeat in our client’s system it will collect and send all the network data in that organization, which can be used to analyze them in order to find out the abnormal network traffic. Using ELK at server side, we can store, monitor and analyze the network data for identifying malicious network packets that are going to infect our client’s systems. This process can be helpful in small-scale SIEM services.