| Graduate student: | 胡晉傑 Hu, Jin-Jie |
|---|---|
| Thesis title: | 建置適用於企業之視覺化日誌分析與告警系統 (Implementation of a Visualized Log Analysis and Alert System for Enterprises) |
| Advisor: | 鄧維光 Teng, Wei-Guang |
| Degree: | Master |
| Department: | College of Engineering, Department of Engineering Science (on-the-job master's program) |
| Year of publication: | 2024 |
| Academic year of graduation: | 112 |
| Language: | Chinese |
| Number of pages: | 60 |
| Keywords (Chinese): | 日誌管理, 視覺化, 告警系統, ELKB (log management, visualization, alert system, ELKB) |
| Keywords (English): | log management, visualization, alert system, ELKB |
| Access statistics: | Views: 187, Downloads: 20 |
As the world faces increasingly complex cybersecurity challenges, the volume of logs generated daily by network devices within an enterprise can exceed a million entries. This study analyzes the main security challenges and requirements that enterprises face: enterprises often have numerous network devices that are dispersed and of differing models, which makes log management difficult. It therefore designs a visualized log analysis and alert system and achieves this goal by building a Security Information and Event Management (SIEM) system. In an enterprise environment that lacked a visualized log analysis and alert system, this study implements a SIEM solution based on ELKB (Elasticsearch, Logstash, Kibana and Beat) together with the Elastalert alerting system, covering log collection, event management, threat detection and visualization, and uses case studies and experiments to demonstrate its application as the enterprise's SIEM solution. ELKB, a free toolset that integrates multiple functions, provides real-time log collection, storage, analysis and visualization, and is highly customizable and extensible, which is why it has received wide attention and is applied in the security field. Through testing and evaluation in a real enterprise environment, this study confirms that the SIEM's visualized log analysis and alert system can provide reliable security monitoring and event management, helps enterprises protect the security of their information assets, and offers enterprises a comprehensive security solution to address ever-growing cybersecurity challenges.
As the world faces increasingly complex cybersecurity challenges, the number of logs generated by network devices within enterprises can exceed millions per day. This research analyzes the primary security challenges and needs that enterprises face, highlighting the difficulties in log management due to the dispersal of numerous network devices and the variety of models. Therefore, this research aims to design a visualized log analysis and alert system, and to achieve this goal by implementing a SIEM (Security Information and Event Management) solution.
In an enterprise environment without a visualized log analysis and alert system, this research implements a SIEM solution based on the ELKB stack (Elasticsearch, Logstash, Kibana, and Beat), combined with the Elastalert alerting system. The solution includes functionalities such as log collection, event management, threat detection, and visualization. Additionally, case studies and experiments are used to demonstrate the application of the SIEM solution in an enterprise context. As a free toolset that integrates multiple functions, ELKB provides real-time log collection, storage, analysis, and visualization capabilities, while also being highly customizable and scalable. It has thus gained widespread attention and application in the field of security. Through testing and evaluation in a real-world enterprise environment, this research confirms that the SIEM’s visualized log analysis and alert system can provide reliable security monitoring and event management. This contributes to the protection of an enterprise's information assets and offers a comprehensive security solution to address the growing cybersecurity challenges.