Integration of Wazuh and Suricata with Telegram for Enhanced Threat Detection and Multiple Attack Notifications
Authors
Fakulti Kecerdasan Buatan dan Keselamatan Siber, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka (Malaysia)
Article Information
DOI: 10.47772/IJRISS.2025.91100378
Subject Category: Social science
Volume/Issue: 9/11 | Page No: 4806-4817
Publication Timeline
Submitted: 2025-11-27
Accepted: 2025-12-03
Published: 2025-12-11
Abstract
The rise of internet-connected devices has led to an increase in attacks on users, compromising their information exchange and exposing sensitive data. Modern cyber threats are increasingly sophisticated and severe, exploiting security vulnerabilities in interconnected systems. Given this growing complexity, effective threat detection systems are essential for maintaining network security. To improve the detection of multiple attack types and deliver real-time warnings via Telegram, this project integrates Wazuh, a security information and event management (SIEM) platform, with Suricata, a network intrusion detection and prevention system (IDS/IPS). By offering a complete solution for log management and multi-attack detection, the integration seeks to strengthen an organization's overall security posture. The process follows the Software Development Life Cycle (SDLC), from system analysis and design through implementation and testing. To evaluate the effectiveness of the integrated system, several attack simulations were carried out: DoS attacks (ICMP ping flood and SYN flood), FTP brute-force attacks, and port scanning. The system detected all of these attacks. This study highlights the strengths and limitations of integrating Wazuh with Suricata, providing insights for future research aimed at developing more robust intrusion detection systems.
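Added example, not code from the paper: one way the Suricata-to-Wazuh-to-Telegram path described in the abstract can be realised as a Wazuh custom integration script. Everything about the implementation is assumed here, since the page does not show it: the Wazuh custom-integration calling convention (alert file path, api key, hook URL as arguments), the data.* layout in which Wazuh decodes Suricata EVE fields, Telegram's sendMessage endpoint, the rule IDs and levels, and the signature strings, which are illustrative rather than real ET rule names. The sample alerts are constructed. The level threshold illustrates a caveat the paper's own simulations raise: a SYN or ICMP flood yields thousands of Suricata events, so the integration has to suppress or aggregate rather than relay one message per packet.

```python
"""Added example (not the paper's code): Wazuh custom integration that forwards
Suricata alerts decoded by Wazuh to Telegram.

Assumptions, none stated on the page:
  * Wazuh runs /var/ossec/integrations/custom-telegram with argv[1] = path of a
    file holding one alert as JSON, argv[2] = api key (used to carry the Telegram
    chat_id), argv[3] = hook URL, i.e. https://api.telegram.org/bot<TOKEN>/sendMessage.
  * Suricata EVE fields sit under the alert's "data" key (data.src_ip, data.dest_ip,
    data.dest_port, data.proto, data.alert.signature).
  * Signature strings, rule IDs and levels in the samples are illustrative.
"""
import json
import sys
import urllib.request

# Signature fragments for the attack classes simulated in the paper. Order matters:
# "FTP brute force" is tested before the generic "scan" fragment, because brute-force
# signatures commonly carry the word "SCAN" as well.
ATTACK_CLASSES = (
    ("SYN flood", ("syn flood", "syn-flood", "tcp syn")),
    ("ICMP flood", ("icmp flood", "ping flood", "icmp ping")),
    ("FTP brute force", ("ftp brute", "ftp login", "530 login")),
    ("port scan", ("portscan", "port scan", "nmap", "scan")),
)

def classify(alert: dict) -> str:
    """Map a Wazuh-decoded Suricata alert to one of the simulated attack classes."""
    sig = str(alert.get("data", {}).get("alert", {}).get("signature", "")).lower()
    for label, needles in ATTACK_CLASSES:
        if any(n in sig for n in needles):
            return label
    return "other"

def should_notify(alert: dict, min_level: int = 5) -> bool:
    """Suppress low-level alerts so a packet flood does not become a message flood."""
    return int(alert.get("rule", {}).get("level", 0)) >= min_level

def format_message(alert: dict) -> str:
    """Plain text only (no Markdown parse_mode), so attacker-controlled signature
    text cannot break the formatting or inject links into the notification."""
    data = alert.get("data", {})
    rule = alert.get("rule", {})
    return (
        f"[Wazuh/Suricata] {classify(alert)}\n"
        f"Signature: {data.get('alert', {}).get('signature', '?')}\n"
        f"Flow: {data.get('src_ip', '?')} -> {data.get('dest_ip', '?')}"
        f":{data.get('dest_port', '?')} ({data.get('proto', '?')})\n"
        f"Wazuh rule {rule.get('id', '?')} level {rule.get('level', '?')}\n"
        f"Agent: {alert.get('agent', {}).get('name', '?')}  "
        f"Time: {alert.get('timestamp', '?')}"
    )

def build_request(chat_id: str, text: str) -> dict:
    """JSON body for Telegram's sendMessage method (text is capped at 4096 chars)."""
    return {"chat_id": chat_id, "text": text[:4096], "disable_web_page_preview": True}

def send(hook_url: str, payload: dict) -> int:
    req = urllib.request.Request(hook_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

def _sample(sig, src, dst, port, proto, level, rule_id):
    # Constructed alert in Wazuh's output shape; not captured data.
    return {"timestamp": "2025-01-01T10:00:00.000+0800",
            "agent": {"name": "suricata-sensor"},
            "rule": {"id": rule_id, "level": level, "description": "Suricata: Alert - " + sig},
            "data": {"src_ip": src, "dest_ip": dst, "dest_port": port, "proto": proto,
                     "alert": {"signature": sig}}}

SAMPLES = [
    _sample("ET SCAN Potential FTP Brute-Force attempt", "192.0.2.10", "192.0.2.20", "21", "TCP", 3, "86601"),
    _sample("GPL DOS TCP SYN Flood", "192.0.2.11", "192.0.2.20", "80", "TCP", 10, "100101"),
    _sample("ET DOS ICMP Ping Flood", "192.0.2.12", "192.0.2.20", "", "ICMP", 10, "100102"),
    _sample("ET SCAN NMAP -sS window 1024", "192.0.2.13", "192.0.2.20", "443", "TCP", 8, "100103"),
]

def main(argv):
    if len(argv) < 4:
        # No Wazuh arguments: dry run over the constructed samples, nothing is sent.
        for a in SAMPLES:
            print(f"{classify(a):16} notify={should_notify(a)}\n{format_message(a)}\n")
        return 0
    alert_file, chat_id, hook_url = argv[1:4]
    with open(alert_file) as fh:
        alert = json.load(fh)
    if should_notify(alert):
        send(hook_url, build_request(chat_id, format_message(alert)))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments for a dry run over the constructed samples. Under Wazuh the script is registered in ossec.conf with an integration element whose name is custom-telegram, the hook_url and api_key as above, alert_format set to json, and a level or rule_id filter; the should_notify threshold is a second, in-script guard for the flood case.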
Keywords
Wazuh, Suricata, Security Information and Event Management (SIEM), Telegram