Network Log Analyser
Portable Security Monitoring for Isolated Networks
A CLI-based log analysis tool for monitoring cyber security events on isolated networks
Problem Statement
Background
Continuous monitoring of systems and networks is essential to detect, prevent, and respond to cyber security threats. A Security Operations Centre (SOC) plays an important role in an organisation's situational awareness: all logs are monitored continuously, giving a near real-time picture of the threat landscape. However, where multiple isolated networks must be monitored, this activity may need to be carried out within each isolated network independently. Central monitoring may still be carried out separately, with the logs collected at a central location at regular intervals.
Detailed Description
- a) Development of a portable, self-contained, fully functional log analysis tool to monitor cyber security events on isolated networks.
- b) Configuration capability to prepare a lightweight, uncomplicated, and efficient environment tailored to the target IT infrastructure of the isolated networks.
- c) Efficient detection of cyber security attacks based on signatures of malicious tactics, techniques, and procedures (TTPs), anomaly detection, heuristic, behavioural, and rule-based analysis, network traffic analysis, and threat intelligence feeds.
- d) A simple and efficient method to update the tool environment and its necessary components, keeping it current with evolving threats.
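Added example (not the project's own code) of the rule-based and threshold-anomaly passes from item (c) in a single-file CLI analyser, with the rule set held as plain data so that updating it on an isolated network (item (d)) means copying in a new rule file rather than a new tool. The log lines, rule ids and threshold are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample log lines for a stand-alone run (not taken from the page).
SAMPLE_LOGS = [
    "Jan 10 10:00:01 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 50000 ssh2",
    "Jan 10 10:00:03 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 50001 ssh2",
    "Jan 10 10:00:05 host1 sshd[1234]: Failed password for admin from 10.0.0.5 port 50002 ssh2",
    "Jan 10 10:00:07 host1 sshd[1235]: Failed password for bob from 10.0.0.9 port 50003 ssh2",
    "Jan 10 10:00:09 host1 sshd[1236]: Accepted password for bob from 10.0.0.9 port 50004 ssh2",
    "Jan 10 10:01:00 host1 sudo:  bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/useradd eve",
    "Jan 10 10:01:01 host1 useradd[1300]: new user: name=eve, UID=1001, GID=1001, home=/home/eve, shell=/bin/bash",
]

# Signature rules as plain data: on an isolated network the rule set is what gets
# updated (copied in), not the tool itself. Rule ids and names are hypothetical.
RULES = [
    {"id": "R001", "name": "SSH authentication failure", "pattern": r"sshd\[\d+\]: Failed password for \S+ from (\S+)"},
    {"id": "R002", "name": "Privilege escalation via sudo", "pattern": r"sudo: .*USER=root ; COMMAND="},
    {"id": "R003", "name": "New local account created", "pattern": r"useradd\[\d+\]: new user"},
]
BRUTE_FORCE_THRESHOLD = 3  # failed logins from one source before an alert is raised

def apply_signatures(lines, rules=RULES):
    """Rule-based pass: return (rule id, line) for every line matching a rule."""
    compiled = [(r["id"], re.compile(r["pattern"])) for r in rules]
    return [(rid, line) for line in lines for rid, rx in compiled if rx.search(line)]

def detect_bruteforce(lines, threshold=BRUTE_FORCE_THRESHOLD):
    """Threshold anomaly pass: count SSH failures per source IP, flag sources at or above threshold."""
    rx = re.compile(r"Failed password for \S+ from (\S+)")
    counts = Counter(m.group(1) for line in lines if (m := rx.search(line)))
    return {ip: n for ip, n in counts.items() if n >= threshold}

def analyse(lines, rules=RULES, threshold=BRUTE_FORCE_THRESHOLD):
    """Combine both passes into the report a CLI run prints."""
    return {"signature_hits": apply_signatures(lines, rules),
            "bruteforce_sources": detect_bruteforce(lines, threshold)}

if __name__ == "__main__":
    # CLI use: `python analyser.py auth.log`; with no argument the constructed sample is analysed.
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOGS
    report = analyse(lines)
    for rid, line in report["signature_hits"]:
        print(f"[{rid}] {line}")
    for ip, n in report["bruteforce_sources"].items():
        print(f"[ANOMALY] {n} failed SSH logins from {ip}")
```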