Implementación de un siem para la defensa activa ante intrusiones en una red : Implementación de un siem para la defensa activa ante un ataque por malware.

Abstract

The present project is based on the implementation of two SIEM servers: Wazuh and AlienVault, with the purpose of evaluating the security status of each SIEM, protecting, detecting, and analyzing attacks in real-time. First, to carry out this activity, a study must be conducted by visiting the official websites of each SIEM tool to observe their respective hardware and software specifications, obtaining information for their proper functioning. After obtaining the aforementioned information, the two SIEM servers are implemented and configured. Next, the network topology must be implemented using an emulator called GNS3 to establish connectivity between both servers. Once the SIEM servers are configured, a malware attack simulation is performed. After performing this attack simulation, the behavior of each SIEM is verified by conducting a comparative technical analysis between both servers. Finally, the respective graphs generated by both servers, Wazuh and AlienVault, are analyzed and evaluated, demonstrating that they are two key security tools that can be easily used in cybersecurity operations. These tools provide a quick response to an attack, offering an effective way to stop them without causing any harm to the network or loss of information. The conclusions of the work aim to determine an implemented solution providing effective means of protection against various cyberattacks observed today.