This work aims to implement an open-source SIEM prototype: a tool for analyzing and detecting threats in real time that, at the same time, operates in compliance with the GDPR.
The following image is the result of documental research and the implementation of some practical scenarios; it is intended to contribute a SIEM solution in which logs can be pseudonymized without losing the ability to identify threats and attacks.
Depending on the Beat type, personal data maps to distinct fields. The table lists the SIEM fields that may contain personal data.
Using a test environment with Windows and Linux operating systems, the fields to pseudonymize for each Beat were surveyed, which allowed the creation of the algorithm illustrated in the following image.
The following link shows the algorithm as implemented in the Logstash server configuration file for the pipeline:
The following link shows the algorithm as implemented in the Logstash server configuration file for the pipeline in the Metrics scenario:
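As an added illustration of the per-Beat pseudonymization described above (example code written for this page, not the project's Logstash pipeline), the snippet below replaces the personal-data fields of an event with keyed HMAC-SHA256 pseudonyms and keeps a separate lookup table so that an analyst holding the key can re-identify a value when an alert fires. The per-Beat field map and the sample events are assumptions constructed for the example; the real field survey is the one in the paper. Because the pseudonym is deterministic for a given key, the same user or IP address yields the same token across events and Beats, so correlation-based detection still works on the pseudonymized data.

```python
import hmac
import hashlib
import json

# Assumed per-Beat map of fields that carry personal data (illustrative only;
# the project's own survey of fields per Beat lives in the paper/pipeline).
PII_FIELDS = {
    "winlogbeat": ["user.name", "host.name", "source.ip"],
    "filebeat":   ["user.name", "host.hostname", "source.ip"],
    "metricbeat": ["host.name", "host.ip"],
}

def _get(doc, path):
    """Read a dotted ECS-style path (e.g. 'user.name') from a nested dict."""
    cur = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def _set(doc, path, value):
    """Write a dotted path into a nested dict, creating intermediate dicts."""
    parts = path.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value

def pseudonymize(event, key, lookup):
    """Return a copy of `event` with personal-data fields replaced by keyed
    pseudonyms. `lookup` (pseudonym -> original) is filled in so the holder of
    the key store can re-identify a value; it must be kept apart from the SIEM."""
    beat = _get(event, "agent.type")
    out = json.loads(json.dumps(event))  # deep copy; the input stays untouched
    for path in PII_FIELDS.get(beat, []):
        value = _get(out, path)
        if value is None:
            continue  # field absent in this event; nothing to pseudonymize
        # HMAC over the value only, so the same entity gets the same token in
        # every field and every Beat (needed for cross-event correlation).
        token = hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()[:16]
        lookup[token] = str(value)
        _set(out, path, token)
    return out

def reidentify(token, lookup):
    """Resolve a pseudonym back to the original value (authorised use only)."""
    return lookup.get(token)
```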
Video illustrating an attack executed on a machine, the anomalous situation that is identified, and how the key can be used to identify the anonymized data.
Ana Paula Vazão, Leonel Santos, Rogério Luís de C. Costa, Carlos Rabadão. (2023). Implementing and evaluating a GDPR-compliant open-source SIEM solution. Journal of Information Security and Applications, 75, 103509. DOI: https://doi.org/10.1016/j.jisa.2023.103509