Information Assurance; Monitoring System; Automatic Analysis; Cyber threats; Cyber incident; Response Engine
Issue Date: 2022
Publisher: FPTU HN
Abstract:
Cyber threats are evolving rapidly, increasing in frequency, complexity, and intensity. Hacked systems, breached networks, crashed websites, denial of service, stolen credentials, and other cyber incidents have become common. To always be ready to respond to threats in cyberspace, it is necessary to have a system for responding to cyber incidents. By integrating the n8n platform with other apps, we built an automation system for SOC monitoring that helps analyze and respond to an incident in each particular case; we call these cases playbooks. In our project, to review the automation system we built, we will run 10 playbooks:
1. Many Failed SSH Login Attempts Playbook
2. Compromised User Account Playbook
3. Login from Out-of-Region Playbook
4. Netcat Reverse Shell Playbook
5. Log4j Attack Playbook
6. Denial-of-Service (DoS) Playbook
7. Pass-the-Hash Playbook
8. Malicious File Upload Playbook
9. Malicious File Execution Playbook
10. Download the Malicious File Playbook