Open-source security information and event management system
Skarbalius, Gustas (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025060319781
https://urn.fi/URN:NBN:fi:amk-2025060319781
Tiivistelmä
Open-source solutions play a vital role in addressing growing cybersecurity challenges and offering cost-effective, flexible, and community-supported tools. However, the application, configuration, and maintenance of such systems often pose significant complexities, requiring tailored approaches to meet the unique needs of organizations and effectively address cybersecurity concerns.
The objective of this thesis was to design and develop an open-source security information and event management (SIEM) system using SecurityOnion, SGUIL, Packet Tracer, and Oracle VM VirtualBox. The study sought to create a system that improves network security and enables continuous monitoring, and, thus, to provide insight into the effective use of open-source cybersecurity tools.
Qualitative methods were used to analyze existing challenges with open-source systems and benchmark the performance and reliability of SecurityOnion and associated tools. The development process included creating a virtualized network environment, configuring SIEM components, and integrating monitoring features to identify, analyze, and respond to security threats. The system was designed with an emphasis on transparency, adaptability, and efficiency to cater to diverse use cases.
The key outcome of this thesis was a fully functional and user-friendly SIEM system capable of detecting and addressing suspicious packets while offering a higher level of network security. By providing a comprehensive user guide and demonstrating the system’s capabilities, the thesis underscored the value of open-source solutions in advancing cybersecurity practices and ensuring information security.
The objective of this thesis was to design and develop an open-source security information and event management (SIEM) system using SecurityOnion, SGUIL, Packet Tracer, and Oracle VM VirtualBox. The study sought to create a system that improves network security and enables continuous monitoring, and, thus, to provide insight into the effective use of open-source cybersecurity tools.
Qualitative methods were used to analyze existing challenges with open-source systems and benchmark the performance and reliability of SecurityOnion and associated tools. The development process included creating a virtualized network environment, configuring SIEM components, and integrating monitoring features to identify, analyze, and respond to security threats. The system was designed with an emphasis on transparency, adaptability, and efficiency to cater to diverse use cases.
The key outcome of this thesis was a fully functional and user-friendly SIEM system capable of detecting and addressing suspicious packets while offering a higher level of network security. By providing a comprehensive user guide and demonstrating the system’s capabilities, the thesis underscored the value of open-source solutions in advancing cybersecurity practices and ensuring information security.