Please use this identifier to cite or link to this item: https://hdl.handle.net/11264/1224
Title: Semi-automatic assembly of logs for training SIEM operators (original title: ASSEMBLAGE SEMI-AUTOMATIQUE DE LOGS POUR ENTRAINEMENT D’OPÉRATEURS DE SIEM)
Authors: Ménard, Sébastien
Royal Military College of Canada / Collège militaire royal du Canada
Leblanc, Sylvain
Keywords: SIEM
CYBER TRAINING
SIMULATION
LOGS
EMULATION
Network Operation Center
cyber defense
Issue Date: 1-Feb-2017
Abstract: Security Information and Event Management (SIEM) software aggregates the information generated by all security sensors within a defended network, giving defenders the best available visibility of security alerts. SIEMs have become the main information management tool that system defenders use to organize logs and security alerts for an organization's Network Operation Center (NOC). Training system defenders is a recurring challenge that is costly in both money and time. This research contributes to the development of training methods for network defenders, particularly SIEM operators, that do not depend on the presence of a penetration testing team. Using SIEM replay connectors is a viable alternative for training SIEM operators; however, organizing the logs characteristic of malicious scenarios in a form that replay connectors can use is not trivial. This research developed techniques and proposes an architecture for assembling logs usable by replay connectors to train SIEM operators in a semi-automatic fashion.
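The abstract describes the core problem without showing what a replayable scenario looks like. The following is an added illustration, not code or a format from the thesis: a small assembler that stores a malicious scenario as sensor log templates with offsets relative to the first event, merges it in time order with benign background events, re-stamps every line against a chosen replay start, and keeps ground truth about which lines are malicious (useful for scoring a trainee). The log lines, hostnames and IP addresses are constructed for the example; the ISO 8601 timestamp prefix is an assumption about what a replay connector would ingest, not the thesis's own format.

```python
"""Assemble a replayable SIEM training scenario from per-sensor log templates."""
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# An event is (offset_seconds, sensor, line template). Offsets are relative to
# the first scenario event, so the same scenario can be replayed at any time.
Event = Tuple[int, str, str]

# Constructed attack scenario: port scan hits SSH, brute force, success, payload fetch.
SCENARIO: List[Event] = [
    (0,  "fw",    "{ts} fw01 kernel: DROP IN=eth0 SRC={attacker} DST=10.0.0.5 PROTO=TCP DPT=22"),
    (2,  "fw",    "{ts} fw01 kernel: ACCEPT IN=eth0 SRC={attacker} DST=10.0.0.5 PROTO=TCP DPT=22"),
    (3,  "auth",  "{ts} srv05 sshd[2201]: Failed password for root from {attacker} port 51422 ssh2"),
    (5,  "auth",  "{ts} srv05 sshd[2201]: Failed password for root from {attacker} port 51423 ssh2"),
    (9,  "auth",  "{ts} srv05 sshd[2207]: Accepted password for root from {attacker} port 51431 ssh2"),
    (11, "proxy", "{ts} proxy01 squid: 10.0.0.5 TCP_MISS/200 4213 GET http://198.51.100.7/stage2.sh"),
]

# Constructed benign background so the malicious lines are not the only traffic.
BACKGROUND: List[Event] = [
    (1, "proxy", "{ts} proxy01 squid: 10.0.0.21 TCP_MISS/200 1822 GET http://intranet.example/index.html"),
    (6, "auth",  "{ts} srv05 sshd[2190]: Accepted publickey for ops from 10.0.0.40 port 50012 ssh2"),
    (8, "fw",    "{ts} fw01 kernel: ACCEPT IN=eth1 SRC=10.0.0.21 DST=10.0.0.53 PROTO=UDP DPT=53"),
]

DEFAULT_START = datetime(2017, 2, 1, 9, 0, 0, tzinfo=timezone.utc)


def assemble(scenario: List[Event], background: List[Event],
             start: datetime, attacker: str) -> List[Tuple[str, bool]]:
    """Merge scenario and background by offset, stamp each line at start + offset.

    Returns (line, is_malicious) pairs in replay order; the flag is the ground
    truth a trainer can score against. sorted() is stable, so a scenario event
    and a background event with the same offset keep scenario-first order.
    """
    tagged = [(e, True) for e in scenario] + [(e, False) for e in background]
    tagged.sort(key=lambda item: item[0][0])
    out: List[Tuple[str, bool]] = []
    for (offset, _sensor, tmpl), malicious in tagged:
        ts = (start + timedelta(seconds=offset)).isoformat(timespec="seconds")
        out.append((tmpl.format(ts=ts, attacker=attacker), malicious))
    return out


def to_replay_text(pairs: List[Tuple[str, bool]]) -> str:
    """Flatten assembled pairs into newline-separated text for a replay connector."""
    return "\n".join(line for line, _ in pairs) + "\n"


def timestamps_monotonic(pairs: List[Tuple[str, bool]]) -> bool:
    """Sanity check before replay: leading timestamps must never go backwards."""
    stamps = [datetime.fromisoformat(line.split(" ", 1)[0]) for line, _ in pairs]
    return all(a <= b for a, b in zip(stamps, stamps[1:]))


def demo() -> List[Tuple[str, bool]]:
    """Assemble the constructed scenario at DEFAULT_START with a documentation-range attacker IP."""
    return assemble(SCENARIO, BACKGROUND, DEFAULT_START, "203.0.113.9")


if __name__ == "__main__":
    pairs = demo()
    assert timestamps_monotonic(pairs)
    print(to_replay_text(pairs), end="")
    print(f"# {sum(m for _, m in pairs)} of {len(pairs)} lines are malicious")
```

Storing offsets instead of absolute timestamps is what makes the scenario reusable: the same fragment can be injected at any point of a training session, and several fragments can be merged into one stream as long as the assembler re-sorts by time before emitting, which is the check `timestamps_monotonic` enforces.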
URI: https://hdl.handle.net/11264/1224
Appears in Collections:Theses

Files in This Item:
File: Thèse MScA Capt Ménard Mémoire.pdf (Description: Thesis; Size: 1.82 MB; Format: Adobe PDF)


Items in eSpace are protected by copyright, with all rights reserved, unless otherwise indicated.