Show simple item record

dc.contributor.advisor: Bronk, Chris
dc.creator: Delgado, Pablo
dc.date.accessioned: 2018-06-22T21:52:50Z
dc.date.available: 2018-06-22T21:52:50Z
dc.date.created: May 2018
dc.date.issued: 2018-05
dc.date.submitted: May 2018
dc.identifier.uri: http://hdl.handle.net/10657/3108
dc.description.abstract: Organizations of all sizes are fighting the same security battles while attackers keep changing the threat landscape by developing new tools and targeting victim endpoints. Their attack kill chain and motives, however, have not changed: attacks begin the same way, and the end goal is usually exfiltration of data such as intellectual property or credit card information. This thesis proposes and evaluates the Elasticsearch Stack (ELK), an enterprise-grade logging repository and search engine, as a platform for active threat hunting in a Windows enterprise environment. The initial phases of the thesis focus on data quality, unsupervised machine learning, and newly developed attack frameworks such as MITRE ATT&CK as prerequisites to developing the proposed solution. Lastly, using publicly known attack kill chain methodologies such as Mandiant's, several attack use cases were developed and tested against the ELK stack to ensure that logging was adequate to cover most attack vectors.
dc.format.mimetype: application/pdf
dc.language.iso: en
dc.rights: The author of this work is the copyright owner. UH Libraries and the Texas Digital Library have their permission to store and provide access to this work. Further transmission, reproduction, or presentation of this work is prohibited except with permission of the author(s).
dc.subject: Elasticsearch
dc.subject: Logstash
dc.subject: Attack kill chain
dc.subject: Threat hunting
dc.title: Developing an Adaptive Threat Hunting Solution: The Elasticsearch Stack
dc.date.updated: 2018-06-22T21:52:51Z
dc.type.genre: Thesis
thesis.degree.name: Master of Science
thesis.degree.level: Masters
thesis.degree.discipline: Information Systems Security
thesis.degree.grantor: University of Houston
thesis.degree.department: Information and Logistics Technology, Department of
dc.contributor.committeeMember: Conklin, Wm. Arthur
dc.contributor.committeeMember: Kinsey, Denise M.
dc.type.dcmi: Text
dc.format.digitalOrigin: born digital
dc.description.department: Information and Logistics Technology, Department of
thesis.degree.college: College of Technology
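The abstract describes testing kill-chain use cases against the ELK stack to check that logging covers each attack phase. The Python script below is an added illustration of that evaluation step and is not code from the thesis: it runs coarse hunting rules over a handful of constructed Winlogbeat-style Windows events (Security event IDs 4688, 4698, 5140, 4720, 1102 and System 7045) and reports which Mandiant attack-lifecycle phases produced a hit and which remain logging gaps. The phase list, the rule-to-ATT&CK-technique mapping, the sample events and the `Rule`, `hunt` and `assess` names are illustrative assumptions, not the thesis's use cases, data or code.

```python
"""Added illustration (not the thesis's code): run coarse threat-hunting rules over
constructed Winlogbeat-style Windows events and report which attack-lifecycle phases
the logging actually covers. Phase names follow Mandiant's attack lifecycle; the
event-ID-to-ATT&CK mapping and the sample events are simplified assumptions."""
from dataclasses import dataclass
from typing import Callable, List

# Mandiant attack-lifecycle phases used as the coverage yardstick (assumed subset).
PHASES = ["Initial Compromise", "Establish Foothold", "Escalate Privileges",
          "Internal Recon", "Move Laterally", "Maintain Presence", "Complete Mission"]


@dataclass(frozen=True)
class Rule:
    phase: str                      # lifecycle phase the rule evidences
    technique: str                  # ATT&CK technique ID the rule approximates
    description: str
    match: Callable[[dict], bool]   # predicate over one well-formed event


def _data(ev: dict, key: str) -> str:
    """Fetch an EventData field as a string; a missing field becomes ''."""
    return str(ev.get("data", {}).get(key, ""))


def _proc(ev: dict, *images: str) -> bool:
    """Security 4688 (process creation) whose NewProcessName ends with one of `images`."""
    return ev["event_id"] == 4688 and _data(ev, "NewProcessName").lower().endswith(images)


RULES: List[Rule] = [
    Rule("Initial Compromise", "T1059.001", "Office application spawning PowerShell",
         lambda ev: _proc(ev, "powershell.exe")
         and _data(ev, "ParentProcessName").lower().endswith(("winword.exe", "excel.exe"))),
    Rule("Establish Foothold", "T1053.005", "Scheduled task created (Security 4698)",
         lambda ev: ev["event_id"] == 4698),
    Rule("Escalate Privileges", "T1543.003", "Service installed from a temp directory (System 7045)",
         lambda ev: ev["event_id"] == 7045 and "\\temp\\" in _data(ev, "ImagePath").lower()),
    Rule("Internal Recon", "T1018", "Built-in discovery tooling executed",
         lambda ev: _proc(ev, "net.exe", "nltest.exe", "nbtstat.exe")),
    Rule("Move Laterally", "T1021.002", "Admin share accessed over the network (Security 5140)",
         lambda ev: ev["event_id"] == 5140 and _data(ev, "ShareName").upper().endswith(("ADMIN$", "C$"))),
    Rule("Maintain Presence", "T1136.001", "Local account created (Security 4720)",
         lambda ev: ev["event_id"] == 4720),
    Rule("Complete Mission", "T1070.001", "Security log cleared (Security 1102)",
         lambda ev: ev["event_id"] == 1102),
]


def _well_formed(ev: dict) -> bool:
    """Data-quality gate: rules compare event_id as an integer and need a host to pivot on."""
    return isinstance(ev.get("event_id"), int) and isinstance(ev.get("host"), str)


def hunt(events: List[dict]) -> List[dict]:
    """Return one hit per (rule, event) match; malformed events are skipped, not guessed at."""
    hits = []
    for ev in events:
        if not _well_formed(ev):
            continue
        for rule in RULES:
            if rule.match(ev):
                hits.append({"host": ev["host"], "event_id": ev["event_id"], "phase": rule.phase,
                             "technique": rule.technique, "description": rule.description})
    return hits


def assess(events: List[dict]) -> dict:
    """Coverage report: which phases the logging evidenced, which are gaps, how many events were unusable."""
    hits = hunt(events)
    seen = {h["phase"] for h in hits}
    return {"hits": hits,
            "covered": [p for p in PHASES if p in seen],
            "gaps": [p for p in PHASES if p not in seen],
            "malformed": sum(1 for ev in events if not _well_formed(ev))}


# Constructed sample, not real telemetry: one intrusion walked across two hosts.
SAMPLE_EVENTS = [
    {"host": "WS01", "channel": "Security", "event_id": 4688,
     "data": {"NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
              "ParentProcessName": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}},
    {"host": "WS01", "channel": "Security", "event_id": 4698,
     "data": {"TaskName": "\\Updater", "SubjectUserName": "jdoe"}},
    {"host": "WS01", "channel": "System", "event_id": 7045,
     "data": {"ServiceName": "svchlp", "ImagePath": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svchlp.exe"}},
    {"host": "FS01", "channel": "Security", "event_id": 5140,
     "data": {"ShareName": "\\\\*\\ADMIN$", "SubjectUserName": "jdoe", "IpAddress": "10.0.0.15"}},
    {"host": "FS01", "channel": "Security", "event_id": 4720,
     "data": {"TargetUserName": "support", "SubjectUserName": "jdoe"}},
    {"host": "FS01", "channel": "Security", "event_id": 1102,
     "data": {"SubjectUserName": "jdoe"}},
    # Shipped with event_id as a string: the recon activity was logged but is unusable as-is.
    {"host": "WS01", "channel": "Security", "event_id": "4688",
     "data": {"NewProcessName": "C:\\Windows\\System32\\net.exe"}},
]

if __name__ == "__main__":
    report = assess(SAMPLE_EVENTS)
    for h in report["hits"]:
        print(f'{h["host"]:5} {h["event_id"]:5} {h["phase"]:20} {h["technique"]:10} {h["description"]}')
    print("covered:", report["covered"])
    print("gaps:", report["gaps"], "| malformed events:", report["malformed"])
```

The deliberately malformed last event is the data-quality point the abstract raises: the discovery command was logged, but because `event_id` arrived as a string the rule cannot see it, so the report flags Internal Recon as a logging gap until the field is normalized (in ELK, the kind of type defect a Logstash `mutate` filter with `convert` would fix before the data reaches the hunting queries). Casting that field to an integer closes the gap without touching the rules.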