
SIEMTINEL

Cloud-based SIEM with ELK Stack and Suricata


Overview

SIEMTINEL is a Security Information and Event Management (SIEM) system built on the ELK Stack (Elasticsearch, Logstash, Kibana), with Suricata for network intrusion detection, Kafka as a scalable log transport layer, and Filebeat for shipping logs from hosts into the pipeline. Deployed on AWS, SIEMTINEL provides real-time threat detection, analysis, and incident response.

Key Features

  • Real-time log ingestion, processing, and threat detection
  • Suricata-powered network threat monitoring
  • Kafka-based distributed log transport
  • Customizable Kibana dashboards for visual insights
  • Scalable cloud infrastructure for high-volume log analysis

Development Process

The SIEMTINEL project followed an agile development methodology. We began by setting up the ELK Stack and Suricata for intrusion detection, then integrated Kafka and Filebeat so that logs are shipped from the hosts into Kafka and consumed from there by the processing tier, which decouples log producers from Elasticsearch. Finally, we containerized the components with Docker to streamline deployment and scaling.

Project Details

Date
2024
Category
Security
Team
Moad El Motassadeq, Saaida Hnais
Client
School Project

Technologies Used

Elasticsearch
Logstash
Kibana
Suricata
Kafka
Filebeat
Docker
AWS

Challenges and Solutions

Handling High-Volume Log Data

The pipeline had to keep up with millions of log events per second without delaying real-time threat detection.

Solution: We placed Kafka between the log shippers and the processing tier as a distributed, partitioned transport that absorbs bursts and lets consumers scale horizontally, and relied on Elasticsearch's clustering for storing and querying the indexed events efficiently.

Reducing False Positives

The initial alert rules generated an overwhelming number of false positives, which undermined confidence in the system's alerts.

Solution: We tuned the alerting rules to cut the noise while preserving detection accuracy, so that analysts see fewer, higher-confidence alerts.
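The alert-tuning step above, and the processing stage of the pipeline (Suricata output arriving as EVE JSON lines via Filebeat and Kafka), as an added example that is not SIEMTINEL's own code. It parses constructed eve.json records and applies two Suricata-style rules before anything is indexed: a suppression for a known-benign source host and a per-source rate limit for a noisy signature. The signature IDs (local-rule range 1000001+), addresses, timestamps and rule values are all assumptions made for the example; the rule semantics follow Suricata's threshold.config ("type limit, track by_src" and "suppress ... track by_src, ip ...").

```python
"""Suricata EVE alert triage: threshold and suppress rules applied in the
processing tier before alerts reach the index.

Added example for this page, not SIEMTINEL's own code. Records, addresses,
signature IDs and rule values are constructed; rule semantics mirror
Suricata's threshold.config (type limit / suppress, track by_src).
"""
import json
from dataclasses import dataclass
from datetime import datetime

SSH_BRUTE = 1000002   # constructed local rule: SSH brute-force attempt
SCAN_PROBE = 1000001  # constructed local rule: vulnerability scanner probe


def _alert(ts, src, sig_id, signature):
    """Build one constructed eve.json alert record in Suricata's shape."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "src_ip": src,
        "dest_ip": "10.0.0.20", "proto": "TCP",
        "alert": {"gid": 1, "signature_id": sig_id, "rev": 1,
                  "signature": signature, "severity": 2},
    })


# Constructed eve.json lines; in the real pipeline they arrive from Kafka.
# The last line is 61 s after the first, so it opens a new window for 10.0.0.7.
SAMPLE_EVE_LINES = [
    _alert("2024-05-01T10:00:00.000000+0000", "10.0.0.7", SSH_BRUTE, "LOCAL SSH brute force"),
    _alert("2024-05-01T10:00:05.000000+0000", "10.0.0.7", SSH_BRUTE, "LOCAL SSH brute force"),
    _alert("2024-05-01T10:00:30.000000+0000", "10.0.0.7", SSH_BRUTE, "LOCAL SSH brute force"),
    _alert("2024-05-01T10:00:31.000000+0000", "10.0.0.8", SSH_BRUTE, "LOCAL SSH brute force"),
    _alert("2024-05-01T10:00:40.000000+0000", "10.0.0.5", SCAN_PROBE, "LOCAL scanner probe"),
    _alert("2024-05-01T10:00:41.000000+0000", "10.0.0.9", SCAN_PROBE, "LOCAL scanner probe"),
    '{"timestamp":"2024-05-01T10:00:42.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.9","dest_ip":"10.0.0.20","proto":"TCP"}',
    _alert("2024-05-01T10:01:01.000000+0000", "10.0.0.7", SSH_BRUTE, "LOCAL SSH brute force"),
]


@dataclass(frozen=True)
class Suppress:
    """suppress gen_id 1, sig_id <sig_id>, track by_src, ip <ip>"""
    sig_id: int
    ip: str


@dataclass(frozen=True)
class Limit:
    """threshold gen_id 1, sig_id <sig_id>, type limit, track by_src, count N, seconds S"""
    sig_id: int
    count: int
    seconds: int


def _epoch(ts):
    """Suricata timestamps look like 2024-05-01T10:00:00.000000+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


class AlertFilter:
    """Stateful filter: drop suppressed sources, rate-limit noisy signatures per source."""

    def __init__(self, suppressions, limits):
        self.suppressed = {(s.sig_id, s.ip) for s in suppressions}
        self.limits = {lim.sig_id: lim for lim in limits}
        self.windows = {}  # (sig_id, src_ip) -> [window_start_epoch, alerts_seen]

    def keep(self, event):
        """True if the event should be forwarded to Elasticsearch."""
        if event.get("event_type") != "alert":
            return True  # flow/dns/http records are not subject to alert rules
        sig_id = event["alert"]["signature_id"]
        src = event["src_ip"]
        if (sig_id, src) in self.suppressed:
            return False
        limit = self.limits.get(sig_id)
        if limit is None:
            return True
        now = _epoch(event["timestamp"])
        window = self.windows.get((sig_id, src))
        if window is None or now - window[0] >= limit.seconds:
            self.windows[(sig_id, src)] = [now, 1]  # first alert opens a fresh window
            return True
        window[1] += 1
        return window[1] <= limit.count  # pass the first `count`, drop the rest


def triage(lines, alert_filter):
    """Parse EVE JSON lines; return (forwarded events, dropped alert count)."""
    forwarded, dropped = [], 0
    for line in lines:
        event = json.loads(line)
        if alert_filter.keep(event):
            forwarded.append(event)
        else:
            dropped += 1
    return forwarded, dropped


def run_example():
    """Apply the constructed rules to the constructed EVE lines."""
    alert_filter = AlertFilter(
        suppressions=[Suppress(SCAN_PROBE, "10.0.0.5")],  # authorised scanner host
        limits=[Limit(SSH_BRUTE, count=1, seconds=60)],   # one alert per source per minute
    )
    return triage(SAMPLE_EVE_LINES, alert_filter)
```

Of the eight constructed records, the filter forwards five and drops three: two repeat SSH brute-force alerts from 10.0.0.7 inside the 60-second window, and the scanner-probe alert from the suppressed host. The flow record and the alert from the unsuppressed host 10.0.0.9 pass untouched, and the alert 61 seconds later from 10.0.0.7 opens a new window and is forwarded. The same rules can be expressed in Suricata's own threshold.config so the sensor drops the noise before it is ever shipped; doing it in the processing tier, as here, keeps the tuning in one place when several sensors feed the pipeline.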

Results and Impact

SIEMTINEL is operational across multiple environments and processes over a billion log events daily. We have reached almost 70% of our objectives, and the system has significantly improved our threat detection and response capabilities.
