Electronic Theses and Dissertation

Saat ini, perusahaan dari segala sektor industri menyambut kedatangan teknologi 4.0 seperti cloud computing, iot, augmented reality, dan artificial intelligence. akan tetapi, pemanfaatan teknologi generasi baru ini pada dasarnya menimbulkan konsekuensi tersendiri bagi keamanan siber. disini security operations center (soc) adalah salah satu komponen pendukung teknologi informasi dalam sebuah perusahaan yang bekerja melakukan pengamanan cyberspace, pemantauan dan menganalisa jika terjadi ancaman. pada penelitian ini akan dilakukan pengujian security onion dalam mendeteksi potensi serangan terhadap akses server berdasarkan investigasi insiden dengan pendekatan pendekatan 5w 1h, indicator of compromise (ioc) dan melakukan pemetaan serangan dengan matrik ttp att&ck. penelitian ini bertujuan untuk menguji fungsionalitas dari security onion sebagai utilitas soc dalam mendeteksi potensi ancaman serangan terhadap server. setelah dilakukan skenario serangan port scanning, sql injection, dos, xss, brute force dan cve2011-2523 didapatkan hasil yakni security onion berhasil mendeteksi semua indikasi serangan yang telah disimulasikan dalam bentuk informasi alert yang ditampilkan melalui interface web aplikasi security onion. kata kunci : security operating center (soc), security onion, indicator of compromise (ioc), matrik ttp att&ck

Currently, companies from all industrial sectors welcome the arrival of 4.0 technologies such as Cloud Computing, IoT, Augmented Reality, and Artificial Intelligence. However, the use of this new generation of technology basically has its own consequences for cyber security. Here the Security Operations Center (SOC) is one of the supporting components of information technology in a company that works to secure cyberspace, monitor and analyze if a threat occurs. In this study, Security Onion will be tested in detecting potential attacks on server access based on incident investigations with a 5W 1H approach, Indicator of Compromise (IoC) and mapping attacks with ATT&CK TTP Matrix. This study aims to test the functionality of Security Onion as a SOC utility in detecting potential attack threats against servers. After the Port Scanning, SQL Injection, DOS, XSS, Brute Force and CVE-2011- 2523 attack scenarios have been carried out, the results are that Security Onion has successfully detected all indications of a simulated attack in the form of alert information displayed through the Security Onion web application interface. Keywords : Security Operating Center (SOC), Security onion, Indicator of Compromise (IoC), TTP ATT&CK Matrix