Threat Detection and Response in Linux Endpoints

Title: Threat Detection and Response in Linux Endpoints
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Agarwal, Shubham; Sable, Arjun; Sawant, Devesh; Kahalekar, Sunil; Hanawal, Manjesh K.
Conference Name: 2022 14th International Conference on COMmunication Systems & NETworkS (COMSNETS)
Keywords: Architecture, composability, compositionality, Computer architecture, Correlation, Endpoint detection and response, Fleet server, Linux, Linux Operating System Security, Malware, Metrics, osquery, pubcrawl, ransomware, resilience, Resiliency, security, Servers
Abstract: We demonstrate an in-house built Endpoint Detection and Response (EDR) for Linux systems using open-source tools like Osquery and Elastic. Building an in-house EDR tool instead of using a commercial EDR tool provides both the knowledge and the technical capability to detect and investigate security incidents. We discuss the architecture of the tool and the advantages it offers. Specifically, in our method all the endpoint logs are collected at a common server, which we leverage to perform correlation between events happening on different endpoints and to automatically detect threats like pivoting and lateral movement. We discuss various attacks that can be detected by our tool.
Notes: ISSN: 2155-2509
DOI: 10.1109/COMSNETS53615.2022.9668567
Citation Key: agarwal_threat_2022