Use case creation and management
Iso-Oja, Mikko (2021)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2021060113239
Abstract
The main goal of the thesis was to start the implementation of a use case library database
application and to gain insight into the use of Sigma format.
In the beginning, discussions were held on the direction of the work: what should be
accomplished, and how should the scope of the work be limited? The Sigma format was the
only mandatory component of the work; otherwise, free rein was given in developing the
application.
The application was developed using the following methods, technologies and
programming languages: Python3, MySQL, GitHub, Linux, Bash, and Sigma together with its
Sigmac conversion tool.
Sigma allows easy conversion of alert use case templates into the query formats of
different security information and event management (SIEM) platforms. This can be
beneficial in avoiding vendor lock-in. Also, as an MSSP, Telia Cygate might have multiple
SIEM platforms from different vendors under its control, and Sigma allows easy conversion
of a single alert use case into each of those formats.
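To make the vendor-neutrality point concrete, the following added example (not code from the thesis application or from the Sigmac tool) renders one constructed Sigma-style rule for two hypothetical query dialects, a Splunk-like one and an Elasticsearch query-string-like one; the rule, the dialect definitions and the `convert` function are all assumptions made for this illustration.

```python
# Constructed Sigma-style rule (the real format is YAML; shown here as a dict).
RULE = {
    "title": "Member added to local Administrators group",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {"EventID": 4732, "TargetUserName": "Administrators"},
        "filter": {"SubjectUserName|endswith": "$"},  # skip machine accounts
        "condition": "selection and not filter",
    },
}

# Two hypothetical target query dialects for the same neutral rule.
BACKENDS = {
    "splunk": {"eq": '{f}="{v}"', "and": " ", "not": "NOT "},
    "es-qs": {"eq": '{f}:"{v}"', "and": " AND ", "not": "NOT "},
}

def render_field(field, value, backend):
    """Render one field/value pair, expanding a |modifier into wildcards."""
    name, _, mod = field.partition("|")
    wild = {"endswith": f"*{value}", "startswith": f"{value}*",
            "contains": f"*{value}*", "": value}
    if mod not in wild:
        raise ValueError(f"unsupported modifier: {mod}")
    return backend["eq"].format(f=name, v=wild[mod])

def render_search(search, backend):
    """A search map is the AND of all its field/value pairs."""
    return "(" + backend["and"].join(
        render_field(f, v, backend) for f, v in search.items()) + ")"

def convert(rule, target):
    """Render the detection for one backend. Handles conditions of the
    form 'a', 'a and b' and 'a and not b' (sufficient for this example)."""
    backend, det = BACKENDS[target], rule["detection"]
    out, negate = [], False
    for tok in det["condition"].split():
        if tok == "and":
            continue
        if tok == "not":
            negate = True
            continue
        out.append((backend["not"] if negate else "") + render_search(det[tok], backend))
        negate = False
    return backend["and"].join(out)

if __name__ == "__main__":
    for target in BACKENDS:
        print(f"{target}: {convert(RULE, target)}")
```

The same detection logic is written once and emitted per platform, which is the property the thesis relies on to avoid vendor lock-in.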
The work was presented to Telia Cygate’s cybersecurity development team. Discussions
and a survey were conducted to gather opinions about the developed app and to gather
the development team’s opinions on Sigma format.