Monitoring and Visualizing Network Firewall Logs in AWS
Tehranipour, Pardis (2024)
Master's Programme in Information Technology
Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.
Acceptance date: 2024-09-23
Permanent address of the publication: https://urn.fi/URN:NBN:fi:tuni-202409208823
Abstract
Organizations have always been concerned about security and operational efficiency; therefore, having effective monitoring and alert systems is crucial. This thesis explores an approach to improving visibility over Network Firewall traffic by pursuing five primary goals: identifying appropriate storage for Network Firewall alert logs, developing efficient methods for filtering and querying these logs, designing a dashboard to visualize them, implementing a notification system for new block events, and achieving all of this without going over budget.
First, the purpose of the visualization dashboard was defined in detail so that the intended goals could be met. After that, a range of Amazon Web Services offerings and candidate visualization solutions were studied.
After analyzing and comparing the candidate tools, Amazon Athena and Amazon QuickSight were selected to filter, query, and visualize the Network Firewall alert logs. The decision was based on how easy the tools were to learn and use, how well they integrated into the organization's existing structure, and their ability to support monitoring and operational management without adding significant overhead or cost. A Slack notification system was also implemented to shorten the response time to new block events.
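The abstract describes two operations on Network Firewall alert logs: filtering and aggregating block events for a dashboard, and raising a notification when a block event appears that has not been seen before. The Python below is an added example written for this page, not code from the thesis or from AWS. The sample log lines are constructed and follow the documented layout of Network Firewall alert logs (one JSON record per line, Suricata EVE style, with `event.alert.action` set to `allowed` or `blocked`); the field names are taken from that documented format, while the firewall name, addresses and rule texts are invented. The notification payload uses the `{"text": ...}` shape that a Slack incoming webhook accepts; posting it is left out so the example runs offline.

```python
"""Filter AWS Network Firewall alert logs for block events, summarize them for a
dashboard, and build Slack notifications for block events not seen before.
Added example; sample records are constructed in the documented alert-log layout."""
import json
from collections import Counter

# Constructed sample: one JSON alert record per line, as delivered to S3 or
# CloudWatch Logs. The final line is deliberately malformed to show skipping.
SAMPLE_ALERT_LOGS = """\
{"firewall_name":"fw-example","availability_zone":"eu-north-1a","event_timestamp":"1718000000","event":{"timestamp":"2024-06-10T06:13:20.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.1.25","src_port":49152,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","app_proto":"tls","alert":{"action":"blocked","signature_id":1,"rev":1,"signature":"deny outbound to unapproved domain","category":"","severity":3}}}
{"firewall_name":"fw-example","availability_zone":"eu-north-1a","event_timestamp":"1718000005","event":{"timestamp":"2024-06-10T06:13:25.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.1.25","src_port":49153,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","app_proto":"tls","alert":{"action":"blocked","signature_id":1,"rev":1,"signature":"deny outbound to unapproved domain","category":"","severity":3}}}
{"firewall_name":"fw-example","availability_zone":"eu-north-1b","event_timestamp":"1718000010","event":{"timestamp":"2024-06-10T06:13:30.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.2.7","src_port":51000,"dest_ip":"198.51.100.5","dest_port":22,"proto":"TCP","app_proto":"ssh","alert":{"action":"blocked","signature_id":2,"rev":1,"signature":"deny ssh egress","category":"","severity":2}}}
{"firewall_name":"fw-example","availability_zone":"eu-north-1b","event_timestamp":"1718000015","event":{"timestamp":"2024-06-10T06:13:35.000000+0000","flow_id":4,"event_type":"alert","src_ip":"10.0.2.7","src_port":51001,"dest_ip":"198.51.100.9","dest_port":443,"proto":"TCP","app_proto":"tls","alert":{"action":"allowed","signature_id":3,"rev":1,"signature":"log approved egress","category":"","severity":3}}}
not json at all
"""


def parse_alert_logs(text):
    """Return one dict per well-formed alert record; skip blank or non-JSON lines
    and records that are not of event_type "alert"."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event", {}).get("event_type") == "alert":
            records.append(rec)
    return records


def blocked_events(records):
    """Keep only records whose rule action was "blocked"."""
    return [r for r in records if r["event"].get("alert", {}).get("action") == "blocked"]


def summarize_blocks(records):
    """Counts a dashboard would show: blocks per source, per destination, per rule."""
    blocks = blocked_events(records)
    return {
        "total": len(blocks),
        "by_source": Counter(r["event"]["src_ip"] for r in blocks),
        "by_destination": Counter(
            f'{r["event"]["dest_ip"]}:{r["event"]["dest_port"]}' for r in blocks),
        "by_signature": Counter(r["event"]["alert"]["signature"] for r in blocks),
    }


def block_key(rec):
    """Identity of a block event for de-duplication: who, where to, which rule."""
    e = rec["event"]
    return (e["src_ip"], e["dest_ip"], e["dest_port"], e["alert"]["signature_id"])


def new_block_notifications(records, seen):
    """Build Slack incoming-webhook payloads for block events whose key is not in
    `seen`; add each key to `seen` so that repeats of the same block stay quiet."""
    payloads = []
    for r in blocked_events(records):
        key = block_key(r)
        if key in seen:
            continue
        seen.add(key)
        e = r["event"]
        payloads.append({"text": (
            f":no_entry: New block on {r['firewall_name']} ({r['availability_zone']}): "
            f"{e['src_ip']} -> {e['dest_ip']}:{e['dest_port']} {e['proto']} "
            f"rule {e['alert']['signature_id']} \"{e['alert']['signature']}\" "
            f"at {e['timestamp']}")})
    return payloads


if __name__ == "__main__":
    recs = parse_alert_logs(SAMPLE_ALERT_LOGS)
    print(json.dumps(summarize_blocks(recs), indent=2, default=dict))
    seen_keys = set()
    for p in new_block_notifications(recs, seen_keys):
        print(p["text"])
```

The de-duplication key (source, destination, port, rule id) is a design choice for the example: it makes repeated blocks of the same flow a single notification while a dashboard still counts every occurrence. In a deployment the `seen` set would live in durable storage so that the check survives restarts, and the payload would be posted to the webhook URL.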
The thesis concludes that such a monitoring dashboard is highly useful: it speeds up troubleshooting to the point that the number of blocked events was reduced within a short period of time.
This thesis has been prepared under the direction of the Kalmar IoT Data Platform team.