Threat Hunting Using Elastic Stack: An Evaluation

Kiruthiga Subramanian, Weizhi Meng

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Information Technology (IT) is now widely adopted in businesses and organizations; it refers to the use of computers, networking and physical devices to create, exchange and handle electronic data. Cyber-attacks are a major threat to IT-based systems and networks, and a successful attack can cause significant business loss, so every organization maintains its own information security measures. Among them, logging and monitoring is an important measure for protecting an organization from threats, and threat hunting in particular is a significant approach to identifying intruders. In this paper, our purpose is to study how well the Elastic Stack can be used for threat hunting and to compare it with four similar tools. We find that the Elastic Stack can be effective in detecting threats and security events, and cost-efficient when implemented in a large-scale environment.
Original language: English
Title of host publication: Proceedings of 2021 IEEE International Conference on Service Operations and Logistics, and Informatics
Number of pages: 6
Publisher: IEEE
Publication date: 2021
Pages: 1-6
ISBN (Print): 978-1-6654-6723-0
DOIs
Publication status: Published - 2021
Event: 2021 IEEE International Conference on Service Operations and Logistics, and Informatics - Virtual event, Singapore
Duration: 11 Dec 2021 - 12 Dec 2021
Conference number: 15
https://ieeexplore.ieee.org/xpl/conhome/9672320/proceeding

Conference

Conference: 2021 IEEE International Conference on Service Operations and Logistics, and Informatics
Number: 15
Location: Virtual event
Country/Territory: Singapore
Period: 11/12/2021 - 12/12/2021
Internet address: https://ieeexplore.ieee.org/xpl/conhome/9672320/proceeding

Keywords

  • Elastic Stack
  • Log Analysis
  • Threat Hunting
  • Attack Recreation
  • Log Monitoring
  • IT Security
