Visualization of SIEM Log Data for Alerting and Monitoring
Päivärinta, Karri (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-2025120733351
Abstract
The study was conducted to examine how visualization based on the MITRE ATT&CK framework could enhance situational awareness and support decision-making in Security Operations Center (SOC) environments. The main objective was to develop a prototype dashboard capable of integrating log data with ATT&CK tactics and techniques to identify detection coverage and potential gaps.
A practical case study approach was applied, utilizing Splunk as the platform for data visualization. Premade log data from different customers and business sectors were used to design interactive panels illustrating data usage, alert distribution and technique occurrences over time. The MITRE ATT&CK heatmap add-on was implemented to visualize tactic and technique coverage, while supporting filters and consistent color palettes were incorporated to improve usability and accessibility.
The resulting proof-of-concept (POC) dashboard provided an integrated and interpretable view of SOC data, demonstrating how structured threat intelligence can be combined with operational information to improve monitoring effectiveness. The solution was assessed to be functional and adaptable for future development. It was concluded that ATT&CK-based visualization can support SOC analysts in identifying detection gaps and optimizing log usage, thereby contributing to more informed and proactive security operations.
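The core of the approach the abstract describes is joining alert records (each tagged by its detection rule with an ATT&CK technique ID) against a technique-to-tactic catalog, then deriving the three things a dashboard panel would show: technique occurrences over time, per-tactic coverage, and the techniques that produced no alerts (the detection gaps). The following is an added example written for this page, not code from the thesis or from Splunk; the alert rows are constructed, the technique catalog is a small subset chosen for illustration (the IDs and names are real ATT&CK identifiers, but the subset and the row format are assumptions), and the aggregation is done in plain Python rather than SPL.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed subset of ATT&CK techniques with their tactic(s). The technique IDs and
# names are real ATT&CK identifiers; the selection is an assumption for this example.
TECHNIQUE_CATALOG = {
    "T1566": ("Phishing", ("initial-access",)),
    "T1059": ("Command and Scripting Interpreter", ("execution",)),
    "T1078": ("Valid Accounts", ("initial-access", "persistence",
                                 "privilege-escalation", "defense-evasion")),
    "T1003": ("OS Credential Dumping", ("credential-access",)),
    "T1021": ("Remote Services", ("lateral-movement",)),
    "T1486": ("Data Encrypted for Impact", ("impact",)),
}

# Constructed alert export (assumed row format): one row per alert, already tagged by
# its detection rule with the ATT&CK technique it maps to.
SAMPLE_ALERTS = [
    {"time": "2025-03-03T08:12:00", "customer": "acme", "sourcetype": "o365", "technique": "T1566"},
    {"time": "2025-03-04T11:30:00", "customer": "acme", "sourcetype": "o365", "technique": "T1566"},
    {"time": "2025-03-05T14:05:00", "customer": "acme", "sourcetype": "wineventlog", "technique": "T1059"},
    {"time": "2025-03-11T09:45:00", "customer": "northwind", "sourcetype": "wineventlog", "technique": "T1078"},
    {"time": "2025-03-12T16:20:00", "customer": "northwind", "sourcetype": "wineventlog", "technique": "T1059"},
    {"time": "2025-03-13T03:10:00", "customer": "northwind", "sourcetype": "linux_secure", "technique": "T1021"},
    {"time": "2025-03-14T07:55:00", "customer": "acme", "sourcetype": "o365", "technique": "T1566"},
]


def week_bucket(ts: str) -> str:
    """ISO week label (e.g. '2025-W10') used as the time axis of a trend panel."""
    year, week, _ = datetime.fromisoformat(ts).isocalendar()
    return f"{year}-W{week:02d}"


def technique_counts_by_week(alerts, customer=None):
    """Technique occurrences per ISO week; `customer` mirrors a dashboard filter."""
    buckets = defaultdict(Counter)
    for a in alerts:
        if customer is None or a["customer"] == customer:
            buckets[week_bucket(a["time"])][a["technique"]] += 1
    return {week: dict(c) for week, c in sorted(buckets.items())}


def heatmap_rows(alerts, catalog=TECHNIQUE_CATALOG):
    """One row per catalog technique with its alert count; zero-count rows are the gaps."""
    counts = Counter(a["technique"] for a in alerts)
    return [
        {"technique": tid, "name": name, "tactics": list(tactics), "count": counts.get(tid, 0)}
        for tid, (name, tactics) in catalog.items()
    ]


def tactic_coverage(alerts, catalog=TECHNIQUE_CATALOG):
    """Per tactic: (covered, total, ratio) where covered = techniques with >= 1 alert.
    A technique that belongs to several tactics counts toward each of them."""
    seen = {a["technique"] for a in alerts}
    per_tactic = defaultdict(lambda: [0, 0])  # tactic -> [covered, total]
    for tid, (_, tactics) in catalog.items():
        for tactic in tactics:
            per_tactic[tactic][1] += 1
            if tid in seen:
                per_tactic[tactic][0] += 1
    return {t: (c, n, round(c / n, 2)) for t, (c, n) in sorted(per_tactic.items())}


def detection_gaps(alerts, catalog=TECHNIQUE_CATALOG):
    """Catalog techniques with no alerts in the period: candidates for new detections
    or for checking whether the needed log source is being ingested at all."""
    return sorted(r["technique"] for r in heatmap_rows(alerts, catalog) if r["count"] == 0)


if __name__ == "__main__":
    print(technique_counts_by_week(SAMPLE_ALERTS))
    print(tactic_coverage(SAMPLE_ALERTS))
    print("detection gaps:", detection_gaps(SAMPLE_ALERTS))
```

Note that a zero-count technique is only a detection gap if a rule for it exists and the log source it needs is actually being ingested; otherwise it is a visibility gap, which is why the abstract pairs technique coverage with a data-usage view. The `customer` filter shows how the same aggregation backs a per-customer and a cross-sector view of the same data.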
