Implementation of a SIEM (Security Information and Event Management) solution in relation to Active Directory

Engineer: Anass BELBARAKA
Organisation: UM6P
Language: English
Promotion: 2024
Year: 3

Abstract

This document is the outcome of my end-of-study project at UM6P, which set out to strengthen security detection by deploying the Wazuh SIEM in an organisation that already relies on Microsoft EDR. The objective was to integrate Wazuh so as to improve threat detection, streamline incident response and support compliance with regulatory requirements.

The deployment was planned and executed end to end, starting from an architecture that brings the firewalls, internal networks, servers and host PCs under the SIEM's coverage. Wazuh was also compared with alternatives such as Microsoft Sentinel and AlienVault; the choice of Wazuh rests on its flexibility, its cost (it is open source) and its active community support.

The lab relied on GNS3 to emulate and test the network topology, VMware to build the virtual machines, and Ubuntu as the host operating system for the Wazuh server. Configuration and monitoring were carried out from the Wazuh dashboard, which is also where security events and the alerts raised from them were reviewed and managed.
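To make concrete what "managing security events and alerts" means once domain-controller Security logs reach the SIEM, the following is an added example of the kind of logon-failure correlation a SIEM performs for an Active Directory estate. It is not code from this project or from Wazuh itself: the Windows event IDs 4625 (failed logon) and 4624 (successful logon) are real, but the event records, IP addresses, thresholds and window are constructed for the demonstration.

```python
"""Illustrative SIEM-style correlation of Windows logon events.

Added example; not code from the UM6P project or from Wazuh. It mimics the
correlation a SIEM rule engine applies to domain-controller Security logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625   # real Windows Security event ID: "An account failed to log on"
SUCCESS_LOGON = 4624  # real Windows Security event ID: "An account was successfully logged on"


def correlate(events, window=timedelta(minutes=2), fail_threshold=5, spray_accounts=3):
    """Correlate failed and successful logon events into alerts.

    events: iterable of dicts with keys id, ts (ISO 8601 string), ip, user.
    Returns alerts in the order they fire. Thresholds are demo assumptions.
    """
    alerts = []
    failures = defaultdict(list)   # source ip -> [(timestamp, account)] inside the window
    last_alert = {}                # source ip -> time of the last threshold alert (dedup)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, ip = datetime.fromisoformat(ev["ts"]), ev["ip"]
        # sliding window: drop failures older than `window` for this source
        recent = [f for f in failures[ip] if ts - f[0] <= window]
        if ev["id"] == FAILED_LOGON:
            recent.append((ts, ev["user"]))
            already_alerted = ip in last_alert and ts - last_alert[ip] <= window
            if len(recent) >= fail_threshold and not already_alerted:
                accounts = sorted({account for _, account in recent})
                # many accounts from one source = spray; one account hammered = brute force
                rule = "password_spray" if len(accounts) >= spray_accounts else "brute_force"
                alerts.append({"rule": rule, "ip": ip, "accounts": accounts, "ts": ev["ts"]})
                last_alert[ip] = ts
        elif ev["id"] == SUCCESS_LOGON and len(recent) >= fail_threshold:
            # a success right after a burst of failures is the event an analyst must see first
            alerts.append({"rule": "success_after_failures", "ip": ip,
                           "accounts": [ev["user"]], "ts": ev["ts"]})
        failures[ip] = recent
    return alerts


# Constructed sample events (not real logs): one benign failure, one brute-force
# burst that ends in a successful logon, and one password spray.
SAMPLE_EVENTS = [
    {"id": 4625, "ts": "2024-05-01T09:00:00", "ip": "10.0.0.7", "user": "alice"},
    *[{"id": 4625, "ts": f"2024-05-01T09:01:{s:02d}", "ip": "10.0.0.5", "user": "jdoe"}
      for s in range(0, 60, 10)],
    {"id": 4624, "ts": "2024-05-01T09:01:55", "ip": "10.0.0.5", "user": "jdoe"},
    *[{"id": 4625, "ts": f"2024-05-01T09:02:{s:02d}", "ip": "10.0.0.9", "user": u}
      for s, u in zip(range(0, 50, 10), ["bob", "carol", "dave", "erin", "frank"])],
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The three alerts it raises on the sample (brute force from 10.0.0.5, the subsequent successful logon from that host, and a spray from 10.0.0.9) are exactly the distinctions a SIEM rule set should make: the same raw event ID maps to different severities depending on what surrounds it, and the success-after-failures case is the one worth an immediate response.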

Beyond deepening our understanding of SIEM systems, the project allowed us to place the implementation approach within the existing literature and accepted best practice. The deployment of Wazuh at UM6P is a clear step up for the organisation's security infrastructure and provides a dependable basis for ongoing threat management.