Integration of IRP and SIEM Platforms for Optimisation Information Security Event Management

Student: Kiselev Ilya

Supervisor: Anton Sergeev

Faculty: HSE Tikhonov Moscow Institute of Electronics and Mathematics (MIEM HSE)

Educational Programme: Cybersecurity (Master)

Year of Graduation: 2024

The final qualification work titled "Integration of IRP and SIEM Platforms for Optimisation Information Security Event Management" addresses the critical need for enhancing the efficiency of information security event management through the integration of Incident Response Platforms (IRP) and Security Information and Event Management (SIEM) systems. This study is relevant due to the increasing complexity and frequency of cyber threats that necessitate more robust and coordinated incident response mechanisms. The object of research in this work is the integration of IRP and SIEM platforms to streamline and optimize the incident response process.

The research begins with a comprehensive review of scientific and technical literature, laying the theoretical foundations of incident response and highlighting the pivotal role of Security Operations Centers (SOC) in managing incidents. It delves into practical aspects of incident response, breaking down the phases of response and detailing SOC involvement in each stage, from detection and analysis to containment, eradication, recovery, and post-incident actions.

A significant part of this work is dedicated to the technical preparation of a virtual testbed and the deployment of relevant software. This includes setting up a virtual environment and deploying the Splunk image on Kubernetes, developing an integration module with the IRP platform based on Atlassian Jira, and creating a microservice to automate event processing within Jira.

The results of this research demonstrate the distinctive advantages of integrating IRP and SIEM platforms. The developed integration module and microservice significantly enhance the automation and efficiency of incident response processes. Key benefits include reduced response times, improved coordination among SOC teams, and a more streamlined workflow for handling security events. These improvements underscore the potential for integrated systems to provide a more effective and proactive defense against cyber threats.

The paper contains 54 pages, 9 figures, 2 tables, 16 sources, 3 appendices.
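The summary describes a microservice that receives SIEM events and turns them into Jira incidents, but the thesis text on this page gives no code. The block below is an added illustration, not the student's module, of the core of such a bridge: it normalises a Splunk webhook alert into a Jira issue request and deduplicates repeated firings of the same detection so the SOC does not get one ticket per re-run. It assumes the Splunk built-in webhook alert action (JSON body with `sid`, `search_name`, `results_link` and a `result` dict) and the Jira REST `POST /rest/api/2/issue` payload shape; the project key, issue type, severity field and the sample alert are placeholders constructed for the example, and the HTTP call itself is left out so the block runs offline.

```python
"""Added example: Splunk alert -> Jira incident bridge (not the thesis's own code).

Assumptions (not from the page): Splunk's webhook alert action delivers a JSON
body with "sid", "search_name", "results_link" and a "result" dict; the Jira
side accepts the REST issue payload {"fields": {...}}. All names below are
placeholders chosen for illustration.
"""
import hashlib
import json
from typing import Any, Dict

JIRA_PROJECT_KEY = "SOC"        # placeholder project key
JIRA_ISSUE_TYPE = "Incident"    # placeholder issue type
# Map the SIEM's severity label onto Jira's default priority names.
SEVERITY_TO_PRIORITY = {
    "critical": "Highest",
    "high": "High",
    "medium": "Medium",
    "low": "Low",
}

# Constructed sample payload shaped like a Splunk webhook alert (not real data).
SAMPLE_ALERT: Dict[str, Any] = {
    "sid": "scheduler__admin__search__RMD5a1b2c3_at_1700000000_1",
    "search_name": "Multiple failed logons followed by success",
    "results_link": "https://splunk.example.internal/app/search/@go?sid=placeholder",
    "result": {
        "host": "ws-0042.example.internal",
        "user": "j.doe",
        "severity": "high",
        "count": "17",
    },
}


def dedup_key(alert: Dict[str, Any]) -> str:
    """Stable key for 'same detection, same host, same user'.

    The Splunk search id (sid) changes on every scheduled run, so it is
    deliberately excluded: two runs that match the same activity should
    land on one ticket, not two.
    """
    result = alert.get("result", {})
    raw = "|".join([
        alert.get("search_name", ""),
        str(result.get("host", "")),
        str(result.get("user", "")),
    ])
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:16]


def build_jira_issue(alert: Dict[str, Any]) -> Dict[str, Any]:
    """Translate one alert into a Jira REST issue payload.

    Unknown or missing severity falls back to Medium so an alert is never
    dropped for lacking a label; analysts can re-triage in Jira.
    """
    result = alert.get("result", {})
    severity = str(result.get("severity", "")).lower()
    priority = SEVERITY_TO_PRIORITY.get(severity, "Medium")
    summary = f"[{priority.upper()}] {alert.get('search_name', 'Unnamed alert')}"
    if result.get("host"):
        summary += f" on {result['host']}"
    description = (
        f"Source: Splunk alert, sid={alert.get('sid', 'n/a')}\n"
        f"Results: {alert.get('results_link', 'n/a')}\n"
        f"Dedup key: {dedup_key(alert)}\n\n"
        "Raw fields:\n" + json.dumps(result, indent=2, sort_keys=True)
    )
    return {
        "fields": {
            "project": {"key": JIRA_PROJECT_KEY},
            "issuetype": {"name": JIRA_ISSUE_TYPE},
            "priority": {"name": priority},
            "summary": summary,
            "description": description,
        }
    }


class AlertRouter:
    """Decides whether an incoming alert opens a ticket or updates an open one."""

    def __init__(self) -> None:
        # dedup key -> Jira issue key; a real service would persist this.
        self.open_tickets: Dict[str, str] = {}

    def handle(self, alert: Dict[str, Any]) -> Dict[str, Any]:
        key = dedup_key(alert)
        if key in self.open_tickets:
            # Repeat firing: add context to the existing ticket instead of a new one.
            return {
                "action": "comment",
                "issue": self.open_tickets[key],
                "body": f"Alert fired again (sid={alert.get('sid', 'n/a')}).",
            }
        payload = build_jira_issue(alert)
        # Here a real service would POST payload to /rest/api/2/issue and keep
        # the returned issue key; a sequential placeholder key stands in for it.
        issue_key = f"{JIRA_PROJECT_KEY}-{len(self.open_tickets) + 1}"
        self.open_tickets[key] = issue_key
        return {"action": "create", "issue": issue_key, "payload": payload}


if __name__ == "__main__":
    router = AlertRouter()
    print(json.dumps(router.handle(SAMPLE_ALERT), indent=2))
    print(json.dumps(router.handle(SAMPLE_ALERT), indent=2))
```

The deduplication key is the design decision worth noting: keying on the detection name plus the entities involved, rather than on the per-run search id, is what keeps a scheduled correlation search from flooding the IRP with duplicate incidents while still recording each re-fire as a comment on the open ticket.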

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.