Implementasi Sistem Manajemen Log untuk Penanggulangan Serangan Server dengan SIEM

  • Willy Permana Putra Politeknik Negeri Indramayu
  • Renol Burjulius Politeknik Negeri Indramayu
  • Muhammad Anis Al Hilmi Politeknik Negeri Indramayu
  • A. Sumarudin Politeknik Negeri Indramayu
DOI: https://doi.org/10.37817/ikraith-informatika.v8i3.4359
Keywords: SIEM, Wazuh, DDoS, Log, real-time

Abstract

In the current digital era, information security has become a primary focus for organizations
worldwide. Rapid technological advancements have brought significant benefits but also
introduced increasingly sophisticated cyber threats and attacks. One approach to addressing these
challenges is through Security Information and Event Management (SIEM). SIEM integrates
Security Information Management (SIM) and Security Event Management (SEM) to collect,
analyze, and report security data from various network sources, enabling more effective detection,
response, and management of security incidents. This study focuses on handling server attacks
using Wazuh SIEM as an early warning system. The methodology involves setting up a network
topology to detect Distributed Denial of Service (DDoS) attacks using SIEM, collecting and
analyzing log data, correlating data to identify threats, and responding to detected threats. The
results indicate that SIEM is crucial in modern cybersecurity, providing real-time threat detection
and response capabilities. The system successfully detected and blocked 42 attacks during the
trial. In conclusion, SIEM offers greater security visibility and control, enabling organizations to
detect and respond to complex security threats efficiently and effectively. Modern SIEM systems,
equipped with advanced analytics and machine learning, can identify anomaly patterns and new
threats, thus strengthening an organization's cybersecurity defenses.

Published
2024-10-28
Issue
Vol. 8 No. 3 (2024): IKRAITH-INFORMATIKA Vol 8 No 3 November 2024
Section
Articles