Hac1es/NT140_Project

NT140_Project

diagram

Overview

This project focuses on the research and deployment of a Host-Based Intrusion Detection System (HIDS) using OSSEC integrated with the ELK Stack. By combining OSSEC’s detection capabilities with ELK’s visualization power, this project establishes a functional SIEM (Security Information and Event Management) architecture.

Technology Stack

The system is built on a modern security stack:

  • OSSEC: Core HIDS engine for log analysis, file integrity monitoring, and active response.
  • ELK Stack:
    • Elasticsearch: Distributed search and analytics engine for log storage.
    • Logstash: Data processing pipeline for log normalization and enrichment.
    • Kibana: Visualization dashboard for security event monitoring.

Use-cases

  • Unauthorized Access Detection: Monitoring auditd events for "admin-only" files. Demo: Link

  • Agentless Monitoring: Using SSH to monitor routers and firewalls without agent installation. Demo: Link

  • Windows Registry Protection: Detecting changes in Service keys and triggering a System Restore Point as an active response. Demo: Link

  • Rootkit Scanning: High-severity alerts for hidden malware signatures. Demo: Link

  • Web Application Defense: Identifying SQL injection payloads in access.log and automatically dropping the source IP. Demo: Link
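As an added example (not code from the NT140_Project repository or from OSSEC itself), the detection logic behind the last use case above: parse constructed access.log lines, URL-decode each request target, flag SQL injection indicators, and return the source IPs that reached a hit threshold, which is the decision a firewall-drop active response would act on. The log format and patterns are assumptions for the demo.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access.log lines (Apache combined format) for the demo;
# the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /products?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2024:13:55:40 +0000] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9000 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2024:13:55:41 +0000] "GET /products?id=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 0 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2024:13:56:02 +0000] "GET /search?q=union+station HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields needed from each line: client IP and the request target (path + query).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators checked against the URL-decoded target. Decoding first matters:
# a scanner sends "%27%20OR%20" and a raw-text match would miss it.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),       # UNION SELECT
    re.compile(r"'\s*(?:or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),  # ' OR '1'='1 tautology
    re.compile(r";\s*drop\s+table\b", re.I),                     # stacked DROP TABLE
]


def is_sqli(target: str) -> bool:
    """True if the decoded request target carries a SQL injection indicator."""
    decoded = unquote_plus(target)
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def sqli_hits_by_ip(log_text: str) -> Counter:
    """Count matching requests per source IP, at most one hit per line."""
    hits: Counter = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_sqli(m.group("target")):
            hits[m.group("ip")] += 1
    return hits


def ips_to_drop(log_text: str, threshold: int = 2) -> set:
    """IPs that reached the threshold and would be handed to a firewall-drop
    active response. Returning the set (instead of calling the firewall here)
    keeps the decision auditable and testable."""
    return {ip for ip, n in sqli_hits_by_ip(log_text).items() if n >= threshold}
```

Note that `/search?q=union+station` decodes to plain text without `select` and is not flagged, while the two encoded requests from 203.0.113.9 both are, so only that address crosses the default threshold.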

About

A centralized HIDS solution using OSSEC and the ELK Stack