CyberSOC4AD: integração de tecnologia Semperis e CyberArk no ecossistema SIEM IBM QRadar e Palo Alto Cortex XSOAR do CyberSOC da Altice Portugal (CyberSOC4AD: integrating Semperis and CyberArk technology into the IBM QRadar SIEM and Palo Alto Cortex XSOAR ecosystem of Altice Portugal's CyberSOC)
Main author: | Nunes, Guilherme Nuno Baptista |
---|---|
Publication date: | 2022 |
Document type: | Dissertation (master's thesis) |
Language: | Portuguese (por) |
Source: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
Full text: | http://hdl.handle.net/10451/57663 |
Summary: | Master's thesis, Information Security (Segurança Informática), 2022, Universidade de Lisboa, Faculdade de Ciências |
Keywords: Active Directory; IBM QRadar; Semperis; Event (Evento); Offense (Ofensa); Master's theses - 2022; Scientific domain: Engineering and Technology :: Electrical, Electronic and Computer Engineering

Abstract:

Cyberattacks have been increasing in number, in the diversity of their vectors, in their targets and in their impact. One of the factors that contributed most to this increase was COVID-19, which forced a transition to full-time or hybrid telecommuting regimes and thereby enlarged the attack surface. The advanced persistent threat (APT) has been a serious threat for some years now, especially for organizations that use the Active Directory (AD) service, since it centralizes the management of all company resources. The use of AD is so widespread that in the information technology industry it is assumed that every company, regardless of its size, uses this service for user authentication and authorization, as well as for managing its own network. However, defending an organization's network against a threat of this category remains a challenge that requires many technological resources. It becomes unsustainable in the long run, because however many resources a company has, it cannot acquire the means to detect and defend against every method available to attackers. An attack can be indefensible if it uses a zero-day vulnerability or gains entry to the company's network through social engineering. From that moment on, the attacker can hide on the network and take as long as needed to carry out the malicious operation. The most common attack attempts to obtain Domain Administrator privileges, with which backdoors can be created and total control of the system obtained.

During the pandemic period, ransomware has become the main threat to organizations, especially to high-profile companies and governmental organizations. It has become usual to demand ransoms in cryptocurrency under the threat of encrypting or deleting an organization's data. Based on reports from organizations focused on information security, as well as on academic publications, it was possible to define a set of attacks regarded as the most impactful and frequent. Through various criteria, the use cases to be developed, and the technologies through which they would be implemented, were defined. At a certain point of the implementation it was necessary to rethink the entire use-case definition strategy, since the technologies initially chosen for integration ended up not contributing in the necessary way to the detection of the offenses in question. Finally, playbooks were implemented, which allow an incident to be resolved automatically, or at least enriched until a security analyst resolves it. This work carries out in-depth research on the main types of current attacks and proposes advanced use cases that allowed the CyberSOC of DCY to detect threats and suspicious behaviour occurring in Active Directory.

The proposed objectives were achieved through a strategy that is tangible for the organization, using the available sources, specifically the Microsoft Windows Security Log provided by Supercharger, CyberArk and Semperis DSP, in conjunction with IBM QRadar and Cortex XSOAR.

Author: Nunes, Guilherme Nuno Baptista. Advisors: António Casimiro Ferreira da Costa; José Alegria. Deposited in the Repositório da Universidade de Lisboa on 2023-05-29 (publication year 2022); master's thesis, published version, PDF, open access; http://hdl.handle.net/10451/57663.
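The abstract describes building SIEM use cases over the Windows Security Log to catch the pattern it names as the most common attack: an intruder obtaining Domain Administrator privileges and planting a backdoor account. The following is an added illustration of that kind of correlation logic, not code from the thesis and not QRadar rule syntax (QRadar rules are authored in its rule wizard and AQL). The event records are constructed dicts that stand in for the fields a SIEM parses from the Security Log; the event IDs (4720 account created, 4728/4756 member added to a security-enabled group) are the standard Windows IDs, while the group list, the approved PAM account name and the one-hour window are assumptions chosen for the example.

```python
"""Flag Domain Admin abuse in constructed Windows Security Log records.

Added example, not the thesis's own detection rules. Windows event IDs used:
  4720  a user account was created
  4728  a member was added to a security-enabled global group
  4756  a member was added to a security-enabled universal group
The record shape below (EventID, TimeCreated, SubjectUserName, TargetUserName,
MemberName, GroupName) is a simplified stand-in for parsed SIEM fields.
"""
from datetime import datetime, timedelta

GROUP_ADD_EVENTS = {4728, 4756}
# Assumption: the groups the SOC treats as Tier-0 for this rule.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}
# Assumption: the only account (e.g. a PAM/CyberArk service identity) that may
# legitimately change privileged group membership.
APPROVED_ADMINS = {"pam-svc"}
# Assumption: an account promoted this soon after creation is suspicious.
NEW_ACCOUNT_WINDOW = timedelta(hours=1)

# Constructed sample telemetry, not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2022-03-01T02:10:00", "SubjectUserName": "jdoe",
     "TargetUserName": "svc-backup2", "MemberName": "", "GroupName": ""},
    {"EventID": 4728, "TimeCreated": "2022-03-01T02:12:30", "SubjectUserName": "jdoe",
     "TargetUserName": "", "MemberName": "svc-backup2", "GroupName": "Domain Admins"},
    {"EventID": 4728, "TimeCreated": "2022-03-01T09:00:00", "SubjectUserName": "pam-svc",
     "TargetUserName": "", "MemberName": "alice", "GroupName": "Domain Admins"},
    {"EventID": 4728, "TimeCreated": "2022-03-01T09:05:00", "SubjectUserName": "pam-svc",
     "TargetUserName": "", "MemberName": "bob", "GroupName": "Helpdesk"},
]


def _ts(rec):
    """Parse the record's ISO-8601 timestamp."""
    return datetime.fromisoformat(rec["TimeCreated"])


def find_offenses(events):
    """Return (rule_name, event) pairs for suspicious privileged-group activity.

    Rule 1: any addition to a privileged group by an actor not in APPROVED_ADMINS.
    Rule 2: an account created (4720) and then added to a privileged group
            within NEW_ACCOUNT_WINDOW, the 'backdoor admin' pattern.
    Events are sorted by time first so out-of-order delivery does not hide
    a creation that the SIEM received after the group change.
    """
    events = sorted(events, key=_ts)
    created_at = {}  # TargetUserName -> creation timestamp
    offenses = []
    for ev in events:
        if ev["EventID"] == 4720:
            created_at[ev["TargetUserName"]] = _ts(ev)
            continue
        if ev["EventID"] not in GROUP_ADD_EVENTS:
            continue
        if ev["GroupName"] not in PRIVILEGED_GROUPS:
            continue
        if ev["SubjectUserName"] not in APPROVED_ADMINS:
            offenses.append(("unapproved_privileged_group_change", ev))
        member = ev["MemberName"]
        if member in created_at and _ts(ev) - created_at[member] <= NEW_ACCOUNT_WINDOW:
            offenses.append(("new_account_to_privileged_group", ev))
    return offenses


if __name__ == "__main__":
    for rule, ev in find_offenses(SAMPLE_EVENTS):
        print(f"{ev['TimeCreated']} {rule}: {ev['SubjectUserName']} added "
              f"{ev['MemberName']} to {ev['GroupName']}")
```

On the constructed sample, only the second record fires: `jdoe` is not an approved actor, and `svc-backup2` was created two and a half minutes before being added to Domain Admins, so both rules match; the `pam-svc` changes are either approved or target a non-privileged group. In a real deployment the approved-actor list would come from the PAM system rather than a hard-coded set, and the resulting offense would be handed to a playbook for enrichment.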