muhammadhassaan-solves/security-incident-and-event-management-with-elk-stack
Security Incident and Event Management (SIEM) with ELK Stack

Description

I deployed an AWS OpenSearch domain and configured Logstash, running on an EC2 instance, to ingest CloudTrail logs from S3. In Kibana I created index patterns and custom dashboards to visualize security events, enabled prebuilt detection rules to catch suspicious activity, and set up real-time alerts to notify the team of potential threats. The result is a scalable SIEM that improves visibility into AWS account activity and speeds up incident response.

Utilities Used

  • AWS OpenSearch Service
  • Amazon S3
  • AWS CloudTrail
  • AWS EC2
  • AWS IAM roles and security groups
  • Logstash
  • Kibana

Project Walk-through

  • Set up CloudTrail to deliver logs to an S3 bucket
  • Create the OpenSearch domain
  • Launch an EC2 instance and install Logstash
  • Define index patterns in Kibana
  • Enable detection rules
  • Configure real-time alerts
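The steps above end with Logstash splitting each CloudTrail S3 object into per-event documents and OpenSearch rules flagging suspicious ones. The script below is an added example, not code from this repository: it reproduces that pipeline stage offline in Python so the log shape and the detection logic can be seen end to end. It assumes only CloudTrail's documented S3 delivery format (a gzip-compressed JSON object with a top-level "Records" array); the sample records, the three rule names and the failed-login threshold are constructed for illustration and are not OpenSearch's prebuilt rules.

```python
"""Flatten a CloudTrail S3 log object into per-event documents and run a few
simple detection rules over them (added example; sample data is constructed)."""
import gzip
import io
import json
from collections import Counter

FAILED_LOGIN_THRESHOLD = 3  # assumed threshold for the repeated-failure rule


def _login(time, user_type, user, ip, outcome):
    """Build a constructed ConsoleLogin record in CloudTrail's field layout."""
    rec = {
        "eventVersion": "1.08",
        "eventTime": time,
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "awsRegion": "us-east-1",
        "sourceIPAddress": ip,
        "userIdentity": {"type": user_type, "userName": user},
        "responseElements": {"ConsoleLogin": outcome},
    }
    if outcome == "Failure":
        rec["errorMessage"] = "Failed authentication"
    return rec


# Constructed sample: what one CloudTrail object in the S3 bucket looks like
# after decompression. IPs are documentation ranges, names are made up.
SAMPLE_LOG = {
    "Records": [
        _login("2024-01-01T10:00:01Z", "IAMUser", "alice", "198.51.100.10", "Failure"),
        _login("2024-01-01T10:00:07Z", "IAMUser", "alice", "198.51.100.10", "Failure"),
        _login("2024-01-01T10:00:12Z", "IAMUser", "alice", "198.51.100.10", "Failure"),
        _login("2024-01-01T10:02:00Z", "IAMUser", "bob", "203.0.113.5", "Failure"),
        _login("2024-01-01T10:05:00Z", "Root", "root", "203.0.113.77", "Success"),
        {
            "eventVersion": "1.08",
            "eventTime": "2024-01-01T10:06:00Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "DescribeInstances",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.5",
            "userIdentity": {"type": "IAMUser", "userName": "bob"},
            "errorCode": "Client.UnauthorizedOperation",
            "errorMessage": "You are not authorized to perform this operation.",
        },
        {
            "eventVersion": "1.08",
            "eventTime": "2024-01-01T10:07:00Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "ListBuckets",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.10",
            "userIdentity": {"type": "IAMUser", "userName": "alice"},
        },
    ]
}


def gzip_log(log):
    """Serialize the way CloudTrail writes to S3: gzip-compressed JSON."""
    return gzip.compress(json.dumps(log).encode())


def flatten_records(raw):
    """Decompress one S3 object and return one document per event, which is
    what Logstash's s3 input plus json and split filters hand to OpenSearch."""
    with gzip.GzipFile(fileobj=io.BytesIO(raw)) as gz:
        return json.load(gz).get("Records", [])


def run_detections(events, threshold=FAILED_LOGIN_THRESHOLD):
    """Apply three constructed rules and return a list of alert dicts."""
    alerts = []
    failures = Counter()
    for ev in events:
        name = ev.get("eventName")
        ident = ev.get("userIdentity") or {}
        # responseElements is null for many API calls, so guard before indexing
        outcome = (ev.get("responseElements") or {}).get("ConsoleLogin")
        if name == "ConsoleLogin" and outcome == "Failure":
            failures[ev.get("sourceIPAddress")] += 1
        if name == "ConsoleLogin" and ident.get("type") == "Root" and outcome == "Success":
            alerts.append({"rule": "root_console_login", "time": ev["eventTime"],
                           "source_ip": ev.get("sourceIPAddress")})
        code = ev.get("errorCode") or ""
        if code == "AccessDenied" or code.endswith("UnauthorizedOperation"):
            alerts.append({"rule": "unauthorized_api_call", "time": ev["eventTime"],
                           "user": ident.get("userName"),
                           "event": f"{ev.get('eventSource')}:{name}"})
    for ip, n in failures.items():
        if n >= threshold:
            alerts.append({"rule": "repeated_failed_console_login",
                           "source_ip": ip, "count": n})
    return alerts


if __name__ == "__main__":
    for alert in run_detections(flatten_records(gzip_log(SAMPLE_LOG))):
        print(json.dumps(alert))
```

The same three checks map onto OpenSearch as a term query on `userIdentity.type:Root`, a wildcard on `errorCode`, and an aggregation over `sourceIPAddress` for failed `ConsoleLogin` events; the point of doing it in a script first is to confirm the field names and null handling before wiring the rule to an alert.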
