# Project Proposal
- Creation/Ideation:
  - Cost-effective framework/architecture to obtain event/log visibility
  - Log management framework that achieves consistent and cost-effective visibility in a modular fashion, without relying on unaffordable proprietary technology
- Research:
  - Preliminary research will also be used to inform and guide the development of the framework.
- Implementation:
  - Use open source or free technology with the framework to build a log management and/or visibility stack that supports detection engineering
# Architecture, Tech Stack
# Brainstorming, Ideas, Curations
## Attacks to Detect
- User authentication anomalies
-
## Datasets for SIEM
### Curated Datasets
- Misc Security Datasets:
  - [stratosphereips/security-datasets-for-testing: A set of security datasets for testing of tools and algorithms](https://github.com/stratosphereips/security-datasets-for-testing)
  - Zeek format data
- Netflow
  - https://www.kaggle.com/datasets?search=netflow
- Misc Network
  - https://mcfp.weebly.com/the-ctu-13-dataset-a-labeled-dataset-with-botnet-normal-and-background-traffic.html
- User Auth
  - https://datasetsearch.research.google.com/search?src=0&query=user%20auth&docid=L2cvMTFqY2pfc2NibA%3D%3D
- Dataset search engines:
  - [Dataset Search](https://datasetsearch.research.google.com/search)
  - https://www.kaggle.com/datasets
- Wireless?
  - [crawdad.org](https://crawdad.org/)
### Research, Articles, etc. - on network traffic datasets with anomalies
- https://search.brave.com/search?q=netflow+anomaly+detection&source=desktop
- [Large-Scale Traffic Anomaly Detection: Analysis of Real Netflow Datasets | SpringerLink](https://link.springer.com/chapter/10.1007/978-3-662-44791-8_12)
- [Anomaly detection in NetFlow network traffic using supervised machine learning algorithms - ScienceDirect](https://www.sciencedirect.com/science/article/abs/pii/S2452414X23000390)
- [[2207.03890] ENCODE: Encoding NetFlows for Network Anomaly Detection](https://arxiv.org/abs/2207.03890)
-
## Event/Log Databases
- Synonyms:
  - SIEMs, Event DBs, Log Analysis, Data Lake Query Engines, Log Search and Analysis
- Search queries:
### Lists, Curations
* [Repository search results](https://github.com/search?q=awesome+siem&type=repositories&p=2)
* [Annsec/awesome-cybersecurity: Curated list of awesome cybersecurity companies and solutions.](https://github.com/Annsec/awesome-cybersecurity)
* [cyb3rxp/awesome-soc: A collection of sources of documentation, as well as field best practices, to build/run a SOC](https://github.com/cyb3rxp/awesome-soc)
* [mthcht/ThreatHunting-Keywords: Awesome list of keywords for Threat Hunting sessions](https://github.com/mthcht/ThreatHunting-Keywords)
* [paulveillard/cybersecurity-SOAR](https://github.com/paulveillard/cybersecurity-SOAR)
* [paulveillard/cybersecurity-SIEM](https://github.com/paulveillard/cybersecurity-SIEM)
* [netflow anomaly detection - Brave Search](https://search.brave.com/search?q=netflow+anomaly+detection&source=desktop)
### Comprehensive List
## ETL
- Synonyms:
  - Log Proxies, ETL Tools, Stream-Based Event Processors
- Search queries:
  -