dc.rights.license | All rights reserved | en_US |
dc.contributor.advisor | Duffany, Jeffrey | |
dc.contributor.author | Motta López, Henry | |
dc.date.accessioned | 2022-03-29T18:50:45Z | |
dc.date.available | 2022-03-29T18:50:45Z | |
dc.date.issued | 2021 | |
dc.identifier.citation | Motta López, H. (2021). Detection of WannaCry using Splunk and Sysmon [Unpublished manuscript]. Graduate School, Polytechnic University of Puerto Rico. | en_US |
dc.identifier.uri | http://hdl.handle.net/20.500.12475/1419 | |
dc.description | Design Project Article for the Graduate Programs at Polytechnic University of Puerto Rico | en_US |
dc.description.abstract | Lately, ransomware keeps being an important topic of conversation around the information security communities, as well as politics and economics. It has caused major damage in all these sectors and researchers must keep evolving as ransomware does, finding new ways to detect and remove the threat. Ransomware’s sophisticated encryption and propagation schemes limit the security team’s chances of recovering data to almost zero. The researcher investigated the use of Splunk Enterprise combined with Sysmon to detect and explore a specific ransomware threat. For proof of concept, the researcher used a WannaCry sample to detect the first time it was executed. This way, an investigation can be done, and alerts can be configured to better aid the incident response team. This solution detects ransomware file creation through the Splunk search query using Sysmon event codes.
Key Words – Detection, Ransomware, Splunk, Sysmon. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Polytechnic University of Puerto Rico | en_US |
dc.relation.ispartof | Computer Science Program; | |
dc.relation.ispartofseries | Winter-2021; | |
dc.relation.haspart | San Juan | en_US |
dc.subject.lcsh | Polytechnic University of Puerto Rico--Graduate students--Research | en_US |
dc.subject.lcsh | Polytechnic University of Puerto Rico--Graduate students--Posters | en_US |
dc.subject.lcsh | Computer security | |
dc.subject.lcsh | Computer crimes--Prevention | |
dc.subject.lcsh | Hacking--Prevention | |
dc.subject.lcsh | Automatic data collection systems | |
dc.title | Detection of WannaCry using Splunk and Sysmon | en_US |
dc.type | Article | en_US |
dc.rights.holder | Polytechnic University of Puerto Rico, Graduate School | en_US |