From Students…
…to Professionals
The Capstone Experience
Project PlanDetecting Security Threats from User
Authentication Patterns
Team SymantecStephen Alfa
Keerthana KolisettyRobert Novak
Abby UrbanskiXiaoyo Wu
Department of Computer Science and EngineeringMichigan State University
Spring 2018
Functional Specifications
• The goal of the project is to provide VIP customers a Splunk add-on and an AWS AMI to visualize various operational and security trend information present in log data and analyze it in near real-time
• Both applications should alert users when suspicious or malicious activity is detected
• Launching and deployment of both of those applications should be frictionless
The Capstone Experience Team Symantec Project Plan Presentation 2
Design Specifications
• Create easy to read graphs and charts to represent authentication dataoSuccessful vs Failed
oDevice Types
oAuthentications over time
• Create premade graphics and searches and allow users to choose which ones to display.
• Highlight patterns that could reveal suspicious or malicious activity
The Capstone Experience Team Symantec Project Plan Presentation 3
Process Flow
The Capstone Experience Team Symantec Project Plan Presentation 4
Installation of Splunk/ELK
User puts in Certificate in
Splunk/ELK UI
User puts certificate in VIP Reference Client
Splunk/ELK takes in log
data file
The log data is stored as a CSV/JSON file
VIP Reference client pulls VIP log data pertaining to the
certificate
Security Dashboard is
created in Splunk/ELK
Operational Dashboard is
created in Splunk/ELK
Screen Mockup: Pie Chart Panel
The Capstone Experience Team Symantec Project Plan Presentation 5
Screen Mockup: Bar Graph Panel
The Capstone Experience Team Symantec Project Plan Presentation 6
Screen Mockup: Dashboard in Splunk
The Capstone Experience Team Symantec Project Plan Presentation 7
Screen Mockup: Dashboard in ELK
The Capstone Experience Team Symantec Project Plan Presentation 8
Technical Specifications
•SOAP (Simple Object Access Protocol) API
•Java
•VIP Reporting Service Client (REST API)
•JavaScript, HTML
•SPL (Search Processing Language)
The Capstone Experience Team Symantec Project Plan Presentation 9
System Architecture
The Capstone Experience 10Team Symantec Project Plan Presentation
System Components
• Hardware Platforms
▪ Amazon Web Services
oAmazon Machine Images
▪ Software Platforms / Technologies
▪ Splunk
▪ Elasticsearch, Logstash, Kibana (ELK)
The Capstone Experience Team Symantec Project Plan Presentation 11
Risks
The Capstone Experience Team Symantec Project Plan Presentation 12
Risks• Ability to Detect suspicious patterns▪ There is a wide range of threats to detect and want to avoid false flags▪ Consult with experienced security advisor and identify possible threats
• Test Data▪ Real VIP data is necessary to identify accurate threat patterns▪ Get MSU’s VIP data
• Consistency between Splunk and ELK▪ Making sure that functionality is consistent between both platforms▪ Develop both applications concurrently
• AWS Servers▪ The possibility of deploying the ELK applications on the AWS server▪ Use AWS documentation and use online resources
Questions?
The Capstone Experience Team Symantec Project Plan Presentation 13
?
? ??
?
?
?
?
?