Elastic Stack Integration for Cyber Security Simulation Logging
06.05.2025
Objective:
Adapt the existing CIDDS simulation environment so that system and network logs are forwarded directly into the Elastic Stack. Evaluate logging tools (e.g., Winlogbeat, Filebeat, Auditbeat) and configure them for simulated environments.
Supervisor: Daniel Schlör
Key Tasks:
- Install and configure Elastic Stack (Elasticsearch, Logstash, Kibana)
- Connect simulation components (e.g., virtual machines, user agents) to Elastic, e.g., via Beats or other logging agents
- Develop initial dashboards to verify log completeness and structure
- Develop an automated annotation mechanism that derives event labels from simulation metadata or logging traces
- Export collected logs into versioned datasets
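The annotation and export tasks above can be sketched as a small labeling step that joins the simulator's own metadata (which attack ran, when, and between which hosts) with the log events a Beats agent would ship. The following is an added example, not code from the CIDDS project or this thesis; the metadata layout (`attack`, `attacker`, `victim`, `start`, `end`) is an assumption for illustration, the log lines are constructed, and the event field names only follow the Elastic Common Schema conventions (`@timestamp`, `source.ip`, `destination.ip`).

```python
"""Derive dataset labels for simulated log events from simulation metadata.

Added example. The metadata schema and all sample records below are
constructed for illustration and are not the CIDDS format.
"""
import json
from datetime import datetime, timezone

# Constructed simulation metadata: one record per scheduled attack window.
SIM_METADATA = [
    {"attack": "portscan", "attacker": "192.168.100.5", "victim": "192.168.200.8",
     "start": "2025-05-06T10:00:00Z", "end": "2025-05-06T10:05:00Z"},
    {"attack": "bruteforce", "attacker": "192.168.100.5", "victim": "192.168.200.9",
     "start": "2025-05-06T11:00:00Z", "end": "2025-05-06T11:30:00Z"},
]

# Constructed ECS-style JSON lines, as a Beats agent would forward them.
RAW_LOGS = """
{"@timestamp": "2025-05-06T10:02:13Z", "source": {"ip": "192.168.100.5"}, "destination": {"ip": "192.168.200.8"}, "event": {"action": "connection_attempted"}}
{"@timestamp": "2025-05-06T10:02:14Z", "source": {"ip": "192.168.200.8"}, "destination": {"ip": "192.168.100.5"}, "event": {"action": "connection_rejected"}}
{"@timestamp": "2025-05-06T10:30:00Z", "source": {"ip": "192.168.100.5"}, "destination": {"ip": "192.168.200.8"}, "event": {"action": "connection_attempted"}}
{"@timestamp": "2025-05-06T11:10:00Z", "source": {"ip": "192.168.200.20"}, "destination": {"ip": "192.168.200.9"}, "event": {"action": "user_login"}}
"""


def parse_ts(value):
    """Parse a UTC ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def label_event(event, metadata):
    """Return {'label': ..., 'role': ...} for one event.

    An event is labeled with an attack only if its timestamp falls inside the
    scheduled window AND both endpoints belong to that attack's host pair.
    Events outside every window, or involving unrelated hosts, are 'normal'.
    """
    ts = parse_ts(event["@timestamp"])
    src = event.get("source", {}).get("ip")
    dst = event.get("destination", {}).get("ip")
    if src is None or dst is None:
        return {"label": "normal", "role": "none"}
    for window in metadata:
        if not parse_ts(window["start"]) <= ts <= parse_ts(window["end"]):
            continue
        hosts = {window["attacker"], window["victim"]}
        if src in hosts and dst in hosts:
            role = "attacker" if src == window["attacker"] else "victim"
            return {"label": window["attack"], "role": role}
    return {"label": "normal", "role": "none"}


def annotate(raw_logs, metadata):
    """Parse JSON lines and attach a 'labels' object to every event."""
    labeled = []
    for line in raw_logs.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["labels"] = label_event(event, metadata)
        labeled.append(event)
    return labeled


def to_dataset_lines(labeled, version):
    """Serialise labeled events as JSON lines carrying a dataset version tag,
    so that each export can be told apart from earlier ones."""
    out = []
    for event in labeled:
        record = dict(event)
        record["dataset"] = {"version": version}
        out.append(json.dumps(record, sort_keys=True))
    return out


if __name__ == "__main__":
    events = annotate(RAW_LOGS, SIM_METADATA)
    for line in to_dataset_lines(events, "v0.1-constructed"):
        print(line)
```

The time-window check alone is not enough: the fourth constructed event falls inside the brute-force window but comes from an unrelated host, so the host-pair condition keeps it labeled normal. Real simulation metadata will need additional keys (protocol, port, process name) for the same kind of disambiguation.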
Extension Directions (Master Thesis / Practica):
- Impact of Elastic-Based Preprocessing Pipelines on ML Model Performance
- Benchmarking the Effect of Data Aggregation Strategies
- Weak Supervision for Security Log Labeling Using Simulation Metadata and Log Semantics