Design, Improvement and Monitoring of a Wazuh and Sangfor NGAF Based SIEM Infrastructure to Improve Network Security in an Institutional Environment

Budiman, Mohammad Idris Arif and Indianto, Muhammad Bimatara (2025) Perancangan, Peningkatan, dan Monitoring Infrastruktur SIEM Berbasis Wazuh dan Sangfor NGAF untuk Meningkatkan Keamanan Jaringan pada Lingkungan Institusi. Project Report. [s.n.], [s.l.]. (Unpublished)

5025221114_5025221260_Project_Report.pdf - Accepted Version
Restricted to Repository staff only


Abstract

As the digitalization of services in institutional environments increases, cybersecurity threats are becoming an increasingly complex challenge. The Directorate of Technology and Information Systems Development (DPTSI) of ITS (Institut Teknologi Sepuluh Nopember) operates a security infrastructure comprising a Sangfor Next-Generation Application Firewall (NGAF) and a Security Information and Event Management (SIEM) platform based on Wazuh to protect its digital assets. However, the existing SIEM faces significant operational challenges, chiefly a high volume of false-positive alerts, which risk obscuring the detection of real threats and causing alert fatigue in the security team. This internship project focuses on the design, improvement and monitoring of that SIEM infrastructure to increase its effectiveness. The methodology comprises an in-depth analysis of alert sources, identification of false-positive patterns, and tuning of the XML-based detection rules in Wazuh. This includes creating exceptions for legitimate system activity, adjusting the detection logic for web attacks, and synchronizing log forwarding from the Sangfor NGAF. The results of the implementation were evaluated quantitatively and qualitatively and show a drastic reduction in the number of irrelevant alerts and improved visibility of genuine security incidents. The project improved the precision of the detection system, which implicitly contributes to faster incident detection and response and strengthens the institution's overall cybersecurity posture.
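The rule-tuning approach the abstract describes, as an added illustration: the snippet below is example code written for this page, not configuration taken from the report or from DPTSI. It assumes the stock Wazuh web rules 31101 ("Web server 400 error code") and 31103 ("SQL injection attempt"), whose IDs and levels should be checked against the installed ruleset, and a hypothetical authorised scanner IP (10.10.5.20) and application path (/api/reports/select).

```xml
<!-- /var/ossec/etc/rules/local_rules.xml  (added example, not from the report)
     Custom rule IDs must use the 100000-120000 range reserved for local rules. -->
<group name="local,web,tuning,">

  <!-- 1. Exception for legitimate system activity.
       Stock rule 31101 fires on every HTTP 4xx response. The authorised internal
       vulnerability scanner (hypothetical IP 10.10.5.20) legitimately produces
       thousands of these. A child rule at level 0 means "ignored": the event is
       still decoded but never becomes an alert. The match is narrowed to the
       decoded srcip so 31101 keeps firing for every other source. -->
  <rule id="100100" level="0">
    <if_sid>31101</if_sid>
    <srcip>10.10.5.20</srcip>
    <description>Suppressed: HTTP 4xx from the authorised internal scanner.</description>
  </rule>

  <!-- 2. Adjusted detection logic for a web-attack rule.
       Stock rule 31103 pattern-matches SQL keywords in the request URL. A
       legitimate endpoint (hypothetical /api/reports/select) contains the word
       "select" and trips it on every call. Instead of disabling 31103 globally,
       suppress only that path; real injection attempts elsewhere still alert. -->
  <rule id="100101" level="0">
    <if_sid>31103</if_sid>
    <url>^/api/reports/select</url>
    <description>Suppressed: known false positive on the reports endpoint.</description>
  </rule>

</group>
```

After editing the file, restart wazuh-manager and verify each exception with /var/ossec/bin/wazuh-logtest: paste an access-log line from the scanner IP and confirm the final matched rule is 100100 at level 0, then paste the same line from a different IP and confirm 31101 still fires. Keeping every exception scoped to one source or one path, rather than raising the parent rule's level or deleting it, is what reduces noise without losing visibility into genuine incidents.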

Item Type: Monograph (Project Report)
Uncontrolled Keywords: SIEM, Wazuh, Sangfor NGAF, Network Security, Rule Tuning, False Positive, Security Monitoring
Subjects: T Technology > TA Engineering (General). Civil engineering (General) > TA1637 Image processing--Digital techniques. Image analysis--Data processing.
Divisions: Faculty of Industrial Technology > Informatics Engineering > 55201-(S1) Undergraduate Thesis
Depositing User: Mohammad Idris Arif Budiman
Date Deposited: 28 Aug 2025 08:59
Last Modified: 28 Aug 2025 08:59
URI: http://repository.its.ac.id/id/eprint/128166
