The complexity of cyber threats against the network infrastructure of companies, educational institutions, and government makes protecting that infrastructure a top priority. Router and server devices are highly vulnerable to various types of cyber threats and require comprehensive detection and response solutions. This research implements an intrusion detection system by integrating SIEM technology with Wazuh XDR (Extended Detection and Response). The system analyzes index pattern data from Wazuh agent devices to detect attacks and responds to them through the XDR active response firewall. Testing was conducted on MikroTik RouterOS and Ubuntu Server 20.04 as Wazuh agents, against reconnaissance, brute-force and DoS attacks. The results show that Nmap scans and brute-force attacks were successfully detected by the Wazuh manager, which blocked the malicious attacker IP through active response. Detection of the brute-force attack showed an increase in traffic of up to 60 Kbps and CPU usage reaching 100%, which decreased after the active response firewall was activated. Authentication failures reached 2198 in the first hour of the brute-force attack. CPU usage increased from 20% to 85% during the attack and decreased to 15% after the active response firewall was activated. During the DoS attack, the MikroTik experienced an increase in CPU usage of up to 61% and memory usage of 67%. After the active response firewall was activated, CPU usage decreased to 3%. Traffic on the MikroTik interface increased to 3.3 Mbps during the attack, then decreased to 1 Kbps after the firewall was activated.
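As an added illustration of the active-response mechanism the abstract describes (not configuration taken from the paper), the following Wazuh manager `ossec.conf` fragment ties the built-in `firewall-drop` command to rule 5712, the stock sshd brute-force rule that fires after repeated authentication failures from one source; the 600-second timeout is an assumed value, and the block is assumed to be executed on the Ubuntu Server agent that generated the alert.

```xml
<ossec_config>
  <!-- Declare the response command. "firewall-drop" ships with the Wazuh
       agent and inserts a DROP rule for the alert's source IP; with
       timeout_allowed the rule is removed again when the timeout expires. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Bind the command to the sshd brute-force rule (5712) and run it on
       the agent where the failed logins were observed ("local").
       The 600 s timeout is an assumed value chosen for this example:
       long enough to break the attack loop, short enough that a spoofed
       or shared source address is not blocked indefinitely. -->
  <active-response>
    <disabled>no</disabled>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>5712</rules_id>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

After restarting the manager, a triggered response is recorded in the agent's `active-responses.log`, which is the place to confirm that the block (and its later removal) actually happened rather than relying on the alert alone.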
Copyright © 2024