MCA (Master of Computer Application) Department
Faculty of Management & Information Sciences
Dharmsinh Desai University, Nadiad
Internal Guide
Dr. Narayan Joshi
Professor & Head,
Department of MCA,
Dharmsinh Desai University,
Nadiad.
External Guide
Mr. Sunny Rajwadi
Head Technology,
Infopercept Consulting Pvt Ltd,
Ahmedabad.
Presented by
• Panchal Anuj Shantibhai [MA032]
• Parekh Smit Nitinkumar [MA034]
• Tank Sandip Pravinbhai [MA050]
EDR (Endpoint Detection And Response)
Implementation in Invinsense
Agenda
✔Project Definition
✔Challenges
✔Project Profile
✔Functionalities/Features
✔System Design
✔Screenshots of the System
✔System Reports
✔Future Enhancement
✔Bibliography
Project Definition
EDR is the asset-tracking module for managing and monitoring an IT
organization's assets, such as system servers. Whenever a security
threat is found, the agent sends an alert to the administrator, and
the administrator can also monitor the assets remotely.
Challenges
✔ Understanding client and server communication on the private network using the C language.
✔ Understanding secured communication between client and server.
✔ Creating a custom active-response in EDR.
✔ Decoding different types of logs from different operating systems.
✔ Graph generation.
✔ Real-time dashboard.
✔ Scalability.
Project Profile
• Project Title: EDR Implementation in Invinsense
• Aim of Project: EDR (Endpoint Detection and Response)
• Front End: React JS
• Back End: C Language, Python REST API
• Tools: CLion, Docker, Kubernetes
• Methodology: OOAD
• Database: EDR Indexer
• Internal Guide: Dr. Narayan Joshi
• External Guide: Mr. Sunny Rajwadi
• Developed By: Panchal Anuj Shantibhai [MA032], Parekh Smit Nitinkumar [MA034], Tank Sandip Pravinbhai [MA050]
• Duration: 6th December 2022 to 12th April 2023
Hardware/Software Requirements
For Development
EDR server requirements
✔ Hardware requirements:
• Operating system: Ubuntu 22.04 or other Linux-based system/Windows system
• CPU: 8 cores minimum
• RAM: 8 GB minimum
• Storage: 50 GB minimum
✔ Software requirements:
• VS Code, Python 3.8 or above
EDR agent requirements
✔ Hardware requirements:
• Operating system: Windows and Linux
• CPU: 4 cores
• RAM: 8 GB
• Storage: 25 GB HDD
✔ Software requirements:
• CLion
• GCC (for Linux)/MinGW (for Windows)
Hardware/Software Requirements
For Deployment
EDR server requirements
✔ Hardware requirements:
• Operating system: Ubuntu 20.04 or other Linux-based system
• CPU: 2 cores minimum
• RAM: 4 GB minimum (8 GB recommended)
• Storage: 20 GB minimum (SSD recommended)
✔ Software requirements: Java 11 or later
EDR agent requirements
✔ Hardware requirements:
• Operating system: Windows and Linux
• CPU: 1 core
• RAM: 256 MB minimum
• Storage: 100 MB minimum
✔ Software requirements:
• For Windows: .NET Framework 4.5 or later
• For Linux: Python 2.7 or later
Functionalities/Features
• EDR plugin:
✔ Login
✔ Agent information
✔ OS information
✔ Network information
✔ Application information
✔ Hardware / Software information
✔ On-demand antivirus scan and alert generation on the dashboard
✔ Add new agent (for both Linux and Windows)
✔ View system logs
✔ Deployment
✔ EDR deployment in Docker
✔ EDR deployment in Kubernetes
System Design
✔ Use case diagram
✔ EDR system
✔ Monitor auditing and policy use case
✔ K8s deployment use case
✔ Activity diagram
✔ On-demand antivirus scan process
✔ Sequence diagram
✔ Login
✔ View all agent details
✔ Change password
✔ Add new agent
✔ View system log
✔ View system inventory data
✔ Remove agent
✔ Search and filter agent
✔ On-demand antivirus scan
✔ Visualize security events and logs
✔ Analyze vulnerabilities
Screenshots
• EDR Agent on Windows
• Manage Agent
• Dashboard
• Login Page
• Antivirus Scan Screen
• EDR Server Communication
• EDR Server
• Add New Agent
• EDR Agent Information
• Log Information
• Chart Generation
• Security Events
• Log Data Analysis
• Regulatory-Compliance Dashboard
System Reports
• Kubernetes Workspace
• Login Page
• Application Pods
• Cluster Usage
Future Enhancement
✔ SSO implementation with KeyCloak.
✔ Implementation of AI and ML.
✔ Agent Implementation for Mac OS.
✔ Deployment of EDR using Ansible.
Bibliography
✔ Docker:
o https://docs.docker.com/
o https://docs.docker.com/get-started/
o https://docs.docker.com/get-docker/
o https://docs.docker.com/get-started/overview/
o https://docs.docker.com/desktop/
✔ Kubernetes:
o https://kubernetes.io/docs/home/
o https://kubernetes.io/training/
o https://www.edx.org/course/introduction-to-kubernetes
✔ React JS:
o https://react.dev/learn
o https://react.dev/reference/react
o https://react.dev/community
✔ Python REST API:
o https://documentation.wazuh.com/current/user-manual/api/examples.html
Thank you