Intern
    Data Science Chair

    Elastic Stack Integration for Cyber Security Simulation Logging

    06.05.2025

    Objective:

    Adapt the existing CIDDS simulation environment so that system and network logs are forwarded directly into the Elastic Stack. Evaluate logging tools (e.g., Winlogbeat, Filebeat, Auditbeat) and configure them for simulated environments.

    Supervisor: Daniel Schlör

    Key Tasks:

    • Install and configure the Elastic Stack (Elasticsearch, Logstash, Kibana)
    • Connect simulation components (e.g., virtual machines, user agents) to Elastic, e.g. via Beats or other logging agents
    • Develop initial dashboards to verify log completeness and structure
    • Develop an automated annotation mechanism that derives event labels from simulation metadata or logging traces
    • Export the collected logs as versioned datasets
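    As an added illustration of the annotation task (example code, not part of the posting or of CIDDS), the sketch below labels ECS-style events, as Beats would ship them to Elasticsearch, by matching each event's host and @timestamp against a constructed simulation schedule of scripted attack windows; the schedule format, field names and sample events are assumptions.

```python
"""Derive event labels from simulation metadata (added example, not CIDDS code)."""
from datetime import datetime, timezone
import json

# Constructed simulation schedule: which scripted attack ran on which host and when.
# In a real setup this would be exported by the simulation controller.
SIMULATION_SCHEDULE = [
    {"label": "bruteForce", "host": "vm-web01",
     "start": "2025-05-06T10:00:00Z", "end": "2025-05-06T10:05:00Z"},
    {"label": "portScan", "host": "vm-web01",
     "start": "2025-05-06T10:30:00Z", "end": "2025-05-06T10:31:00Z"},
]

def _ts(s):
    """Parse an ISO 8601 timestamp (with trailing Z) into an aware UTC datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)

def label_event(event, schedule=SIMULATION_SCHEDULE):
    """Return a copy of the event with a 'labels.attack' field (ECS-style nesting).
    Events whose host and @timestamp fall inside a scheduled attack window get that
    window's label; everything else is labelled 'normal'."""
    ts = _ts(event["@timestamp"])
    host = event.get("host", {}).get("name")
    label = "normal"
    for window in schedule:
        if window["host"] == host and _ts(window["start"]) <= ts < _ts(window["end"]):
            label = window["label"]
            break
    out = dict(event)
    out["labels"] = {**out.get("labels", {}), "attack": label}
    return out

def label_ndjson(lines, schedule=SIMULATION_SCHEDULE):
    """Label newline-delimited JSON, the format Filebeat/Elasticsearch exports use."""
    return [label_event(json.loads(line), schedule) for line in lines if line.strip()]

# Constructed sample events in the shape Beats ship to Elasticsearch.
SAMPLE_EVENTS = [
    '{"@timestamp":"2025-05-06T10:02:13Z","host":{"name":"vm-web01"},"event":{"action":"ssh_login_failed"}}',
    '{"@timestamp":"2025-05-06T10:02:13Z","host":{"name":"vm-db01"},"event":{"action":"ssh_login_failed"}}',
    '{"@timestamp":"2025-05-06T10:30:30Z","host":{"name":"vm-web01"},"event":{"action":"connection_attempted"}}',
    '{"@timestamp":"2025-05-06T11:00:00Z","host":{"name":"vm-web01"},"event":{"action":"connection_attempted"}}',
]

if __name__ == "__main__":
    for e in label_ndjson(SAMPLE_EVENTS):
        print(e["host"]["name"], e["@timestamp"], "->", e["labels"]["attack"])
```

    The same failed-login event is labelled differently depending on the host, which is exactly the ambiguity that makes metadata-based labelling more reliable than keyword matching on the log text alone.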

    Extension Directions (Master Thesis / Practica):

    • Impact of Elastic-Based Preprocessing Pipelines on ML Model Performance
    • Benchmarking the Effect of Data Aggregation Strategies
    • Weak Supervision for Security Log Labeling Using Simulation Metadata and Log Semantics
