One way to analyze cyber security equipment is to monitor the logs it generates. However, analyzing the logs generated by each piece of equipment takes a long time and is highly difficult. When the cyber security system is not managed properly, the cyber security system fails. A defense mechanism for managing logs is therefore needed: Security Information and Event Management (SIEM), here using the Alienvault OSSIM tool. Threat monitoring, the monitoring of security threats in the cyber world, is used to analyze, evaluate, and monitor network threats and serves as an end point for organizations to provide evidence of security threats, such as network intrusions, data exfiltration, ransomware and other malware attacks. The scope of this study is limited to threat monitoring using Alienvault OSSIM. There are 6 servers at the Udayana University Information Resources Unit (USDI) that were monitored. Monitoring was carried out for 3 months. In total, 230,622 events were collected. The IT assets with the most logs during monitoring were the DNS servers, with a total of 200,424 events. There are 11 event names and 34 event logs that are discussed. The logs are packaged as a report along with an explanation, which can assist administrators in evaluating their IT assets. There is also an email notification feature using Gmail. Overall, there were no particularly significant attacks, and the risk fell in the low category. Alienvault OSSIM proved able to carry out the monitoring process properly in real time and can help USDI monitor the activities of its IT assets.
CITATION STYLE
Anam, F. C., Sasmita, G. M. A., & Pratama, I. P. A. E. (2023). Implementation of Security Information and Event Management (SIEM) for Monitoring IT Assets Using Alienvault OSSIM (Case Study: Udayana University Information Resources Unit). JITTER : Jurnal Ilmiah Teknologi Dan Komputer, 4(3), 1956. https://doi.org/10.24843/jtrti.2023.v04.i03.p03