
A Framework for Cybersecurity Alert Distribution and Response Network (ADRIAN)

DOI: 10.4236/jsea.2024.175022, PP. 396-420

Keywords: SIEM Platforms, Alert Distribution, Incident Response Automation, SIEM Management, Collaboration Platform


Abstract:

Security Information and Event Management (SIEM) platforms are critical for organizations to monitor and manage their security operations centers. However, organizations using SIEM platforms face several challenges, such as inefficient alert management and poor integration with real-time communication tools. These challenges cause delays and cost penalties for organizations in their efforts to resolve alerts and potential security breaches. This paper introduces a cybersecurity Alert Distribution and Response Network (Adrian) system. Adrian introduces a novel enhancement to SIEM platforms by integrating SIEM functionalities with real-time collaboration platforms. Adrian leverages the ubiquity of collaboration platforms' mobile applications to provide real-time alerts, enabling a two-way communication channel that facilitates immediate response to security incidents and efficient SIEM platform management. To demonstrate Adrian's capabilities, we present a case study that integrates Wazuh, a SIEM platform, with Slack, a collaboration platform. The case study demonstrates all the functionalities of Adrian, including real-time alert distribution, alert customization, alert categorization, and enablement of management activities, thereby increasing the responsiveness and efficiency of Adrian's capabilities. The study concludes with a discussion of the potential expansion of Adrian's capabilities, including the incorporation of artificial intelligence (AI) for enhanced alert prioritization and response automation.
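The abstract names three of Adrian's functions, real-time alert distribution, per-channel alert customization, alert categorization, plus a two-way management channel. The script below is an added illustration of that pipeline in Python; it is not code from the paper or from the Wazuh or Slack projects. It parses alerts in the newline-delimited JSON shape Wazuh writes to its alerts file (fields such as `rule.level`, `rule.id`, `rule.description`, `agent.name`), categorizes each by rule level, applies a per-channel policy, and builds Slack Block Kit style payloads. The severity thresholds, the channel names, the `/adrian` command grammar and the sample alerts are all assumptions constructed for the example; a real deployment would POST each payload to Slack instead of collecting it.

```python
"""Minimal Wazuh-to-Slack alert distributor in the spirit of Adrian (added example)."""
import json
from dataclasses import dataclass, field

# Assumed mapping of Wazuh rule levels (0-15) to coarse categories; tune per site.
SEVERITY_BANDS = [(12, "critical"), (7, "high"), (4, "medium"), (0, "low")]


def categorize(level: int) -> str:
    """Return the category name for a Wazuh rule level using SEVERITY_BANDS."""
    for threshold, name in SEVERITY_BANDS:
        if level >= threshold:
            return name
    return "low"


@dataclass
class ChannelPolicy:
    """Per-Slack-channel customization: minimum level and muted rule ids."""
    channel: str
    min_level: int = 0
    muted_rule_ids: set = field(default_factory=set)


def should_forward(alert: dict, policy: ChannelPolicy) -> bool:
    """Apply the channel's customization to one parsed alert."""
    rule = alert.get("rule", {})
    level = int(rule.get("level", 0))
    return level >= policy.min_level and str(rule.get("id")) not in policy.muted_rule_ids


def build_slack_message(alert: dict, channel: str) -> dict:
    """Build a chat.postMessage-style payload (Block Kit) for one alert."""
    rule = alert.get("rule", {})
    level = int(rule.get("level", 0))
    agent = alert.get("agent", {}).get("name", "unknown-agent")
    text = f"[{categorize(level).upper()}] L{level} rule {rule.get('id')}: {rule.get('description', '')}"
    return {
        "channel": channel,
        "text": text,
        "blocks": [
            {"type": "section", "text": {"type": "mrkdwn", "text": f"*{text}*"}},
            {"type": "context", "elements": [
                {"type": "mrkdwn",
                 "text": f"agent: `{agent}`  time: `{alert.get('timestamp', '')}`"}]},
        ],
    }


def distribute(alert_lines: str, policies: list) -> dict:
    """Parse NDJSON alerts and fan them out to every channel whose policy accepts them.

    Returns {channel: [payload, ...]}. Malformed lines are skipped rather than
    taking the distributor down, since alert files can contain partial writes."""
    out = {p.channel: [] for p in policies}
    for line in alert_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue
        for policy in policies:
            if should_forward(alert, policy):
                out[policy.channel].append(build_slack_message(alert, policy.channel))
    return out


def handle_command(text: str, policy: ChannelPolicy) -> str:
    """Two-way channel: apply an assumed "/adrian" slash command to one channel's policy.

    Assumed forms: "mute <rule_id>", "unmute <rule_id>", "minlevel <n>".
    Returns the reply text to post back to the operator."""
    parts = text.split()
    if len(parts) != 2:
        return "usage: mute <rule_id> | unmute <rule_id> | minlevel <n>"
    verb, arg = parts
    if verb == "mute":
        policy.muted_rule_ids.add(arg)
    elif verb == "unmute":
        policy.muted_rule_ids.discard(arg)
    elif verb == "minlevel" and arg.isdigit():
        policy.min_level = int(arg)
    else:
        return f"unknown command: {text}"
    return f"applied '{text}' to {policy.channel}"


# Constructed sample alerts in Wazuh's NDJSON shape (not real data); the last line is
# deliberately malformed to exercise the skip path.
SAMPLE_ALERTS = "\n".join([
    json.dumps({"timestamp": "2024-05-01T10:00:00.000+0000", "agent": {"name": "web-01"},
                "rule": {"level": 3, "id": "5501", "description": "PAM: Login session opened."}}),
    json.dumps({"timestamp": "2024-05-01T10:00:05.000+0000", "agent": {"name": "web-01"},
                "rule": {"level": 10, "id": "5712", "description": "sshd: brute force attempt."}}),
    json.dumps({"timestamp": "2024-05-01T10:00:09.000+0000", "agent": {"name": "db-01"},
                "rule": {"level": 12, "id": "100002", "description": "Failed logins then success."}}),
    "not json",
])

if __name__ == "__main__":
    policies = [ChannelPolicy("#soc-all"), ChannelPolicy("#soc-oncall", min_level=10)]
    print(handle_command("mute 5712", policies[1]))
    print(json.dumps(distribute(SAMPLE_ALERTS, policies), indent=2))
```

With the assumed policies, `#soc-all` receives all three well-formed alerts while `#soc-oncall` receives only the level 10 and 12 ones; after an operator issues `mute 5712` against the on-call policy, only the level 12 alert reaches that channel. Keeping the policy as data rather than code is what lets the Slack side drive SIEM management without a redeploy.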

