Integration of SIEM and SOAR for Advanced Threat Defense
Author(s):
D. Bhavana | S. Mohammad Salman | Puli Sujith | Sameer Raj

Keywords:
SIEM, SOAR, pfSense, Suricata, Elasticsearch, Kibana, Filebeat, Shuffle SOAR, Threat Intelligence, Automated Incident Response, Firewall Automation, REST API, Cybersecurity Operations, Incident Management, Network Security, Threat Detection, Log Analysis.

Abstract:
The growing sophistication of cybersecurity threats requires a proactive and automated security strategy. This paper discusses the convergence of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) to improve threat detection, investigation, and response. pfSense, an open-source firewall with Suricata IDS/IPS, produces security logs that are shipped using Filebeat to Elasticsearch, creating a centralized log repository for real-time threat analysis. Kibana is also used to offer visualization and dashboards for incident tracking. Shuffle SOAR is used to automate incident response through the correlation of alerts and the execution of pre-defined workflows, using the pfSense REST API to automate and control firewall rules. The integration enhances accuracy in detection, minimizes response time, and improves operational efficiency, thus enhancing an organization's cybersecurity posture. The suggested architecture takes advantage of pfSense as a firewall and Suricata as an IDS/IPS to detect threats by monitoring network traffic. Security events and logs are sent through Filebeat to Elasticsearch, providing centralized log aggregation, indexing, and real-time searching, which makes the design suitable for enterprises and organizations looking for cost-effective but efficient security automation.
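The alert-correlation step of the SOAR workflow the abstract describes, as an added Python example (not code from the paper): it reads constructed Suricata EVE JSON lines of the kind Filebeat ships to Elasticsearch, groups alerts by source IP, applies a burst threshold, and emits a block decision only for sources outside a hypothetical never-block list; the pfSense REST API call that would apply the rule is left as a separate step. Signature names, IDs, addresses and the allowlist are all constructed for this example.

```python
import json
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed Suricata EVE JSON events (eve.json lines). Signature names/IDs are made up.
EVE_LINES = [
    '{"timestamp":"2025-04-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"198.51.100.10","alert":{"signature":"DEMO SCAN port sweep","signature_id":9000001,"severity":2}}',
    '{"timestamp":"2025-04-01T10:00:40.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"198.51.100.10","alert":{"signature":"DEMO SCAN port sweep","signature_id":9000001,"severity":2}}',
    '{"timestamp":"2025-04-01T10:02:15.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"198.51.100.22","alert":{"signature":"DEMO WEB login brute force","signature_id":9000002,"severity":1}}',
    '{"timestamp":"2025-04-01T10:03:00.000000+0000","event_type":"flow","src_ip":"203.0.113.5","dest_ip":"198.51.100.22"}',
    '{"timestamp":"2025-04-01T10:01:00.000000+0000","event_type":"alert","src_ip":"192.168.1.50","dest_ip":"198.51.100.10","alert":{"signature":"DEMO SCAN port sweep","signature_id":9000001,"severity":2}}',
    '{"timestamp":"2025-04-01T10:01:30.000000+0000","event_type":"alert","src_ip":"192.168.1.50","dest_ip":"198.51.100.10","alert":{"signature":"DEMO SCAN port sweep","signature_id":9000001,"severity":2}}',
    '{"timestamp":"2025-04-01T10:02:00.000000+0000","event_type":"alert","src_ip":"192.168.1.50","dest_ip":"198.51.100.10","alert":{"signature":"DEMO WEB login brute force","signature_id":9000002,"severity":1}}',
    '{"timestamp":"2025-04-01T10:09:00.000000+0000","event_type":"alert","src_ip":"198.51.100.77","dest_ip":"198.51.100.10","alert":{"signature":"DEMO POLICY informational","signature_id":9000003,"severity":3}}',
]

# Hypothetical never-block list: internal ranges plus a management host. An automated
# firewall playbook that can block these is one bad rule away from a self-inflicted outage.
NEVER_BLOCK = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16"), ip_network("198.51.100.1/32")]

def parse_ts(ts):
    # Suricata timestamp format: 2025-04-01T10:00:01.000000+0000
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")

def correlate(lines, window_seconds=300, min_alerts=3, max_severity=2):
    """Group EVE alerts by source IP and decide which sources warrant a firewall rule.
    Returns plain decision dicts; pushing a rule to the firewall API is a separate step."""
    by_src = defaultdict(list)
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "alert":          # skip flow/dns/http records
            continue
        if ev["alert"]["severity"] > max_severity:   # Suricata: 1 is highest priority
            continue
        by_src[ev["src_ip"]].append((parse_ts(ev["timestamp"]), ev["alert"]["signature"]))
    decisions = []
    for src, hits in by_src.items():
        hits.sort()
        # burst test: any min_alerts consecutive hits that fall inside window_seconds
        burst = any((hits[i + min_alerts - 1][0] - hits[i][0]).total_seconds() <= window_seconds
                    for i in range(len(hits) - min_alerts + 1))
        if not burst:
            continue
        if any(ip_address(src) in net for net in NEVER_BLOCK):
            decisions.append({"src_ip": src, "action": "ticket",
                              "reason": "allowlisted source; route to analyst instead of blocking"})
            continue
        decisions.append({"src_ip": src, "action": "block", "alerts": len(hits),
                          "signatures": sorted({sig for _, sig in hits})})
    return decisions
```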
Other Details
Paper id: IJSARTV11I4103239
Published in: Volume 11, Issue 4, April 2025
Publication Date: 2025-04-20