Threat Detection utilizing Packet Capture Infrastructure

Topics: Intrusion detection, Network monitoring, SIEM

The scope of this topic is to engineer a scalable network packet based detection system for a corporate network perimeter. The goal is to build a Snort and OpenAppID based detection solution on the top of an existing packet capture infrastructure and integrate the alerting mechanisms with a SIEM system. The student(s) will work with Cyber Defence Engineers who provide consultancy during the planning and implementation phases.
A projekt szorosan kapcsolódik ipari partnerünk, a MOL érdeklődési területeihez, és lehetőséget biztosít a MOL kiberbiztonsági szakértőivel történő együttműködésre.

Maximum number of students: 1 student

Contact: Levente Buttyán (CrySyS Lab), External supervisor (MOL)