Study and implementation of a SIEM (Security Information and Event Management) for the management and supervision of Information Systems (Sonelgaz)

Abstract

In today's computer network environments, a signifcant volume of security log data is generated, posing a challenge for organizations in terms of handling and utilizing this data e?ectively. To address this challenge and enhance information security, centralized log management, and analysis, organizations can leverage Security Information and Event Management Systems (SIEMs). SIEMs play a crucial role in assisting organizations with compliance regulations and mitigating the risk of network intrusions by enabling comprehensive monitoring, detection, and response to security incidents. This thesis specifcally focuses on implementing a SIEM solution using Splunk, a leading platform, to strengthen the security posture and enhance threat detection capabilities in the Sonelgaz organization, which can serve as a reference for other entities seeking to enhance their information security and centralized log management capabilities. The study emphasizes the benefts and challenges associated with implementing a SIEM solution, particularly utilizing Splunk, and provides recommendations for optimizing its usage to maximize threat detection and incident response capabilities.