Analisis Security Information and Event Management (SIEM) Berbasis Wazuh dalam Mendeteksi Malicious Software pada Sistem Operasi Linux
Analysis of Security Information and Event Management (SIEM) Based on Wazuh in Detecting Malicious Software on Linux Operating System

Date
2024
Author
Sinaga, Yoga Yosepino
Advisor(s)
Zamzami, Elviawaty Muisa
Ginting, Dewi Sartika Br
Abstract
Technology is currently developing very rapidly, but alongside this progress there are threats and attacks whose timing cannot be known in advance. These attacks and threats can damage systems and endanger important data for both individuals and organizations. In the face of these threats and attacks, information security, or cybersecurity, plays an important role in protecting against and even preventing them. Security Information and Event Management (SIEM), one of many cybersecurity methods, is a tool used to monitor network traffic for threats and to provide real-time analysis of logs generated by applications or devices. In this research, the SIEM used is Wazuh, which is useful for monitoring, analyzing, and executing attack logs that enter the system or agent. The attack tested in this research is focused on detecting and executing malicious software on Linux. The test results show that Wazuh, with the help of the VirusTotal integration, can detect and record the attack activity in the log accurately on the server and execute the attack in real time.
Collections
- Undergraduate Theses [1181]