
    Penerapan Keamanan Server Menggunakan Security Information Event And Management Pada Sistem Operasi Ubuntu Server (Implementation of Server Security Using Security Information and Event Management on the Ubuntu Server Operating System)

    As technology develops, security of server devices is an obligation that must be considered. To protect the server operated by the Arhanud 14/PWY Cirebon Battalion, hardening the device alone is not enough. A security framework such as the NIST Cybersecurity Framework calls for attention to five functions: identify, protect, detect, respond, and recover. The Arhanud 14/PWY Cirebon Battalion had applied only the protect function, by hardening its server devices. Without monitoring of the server devices, suspicious activity from internal or external sources goes unnoticed. This work addresses that gap by applying Security Information and Event Management (SIEM) technology, in which an Intrusion Detection System (IDS) acts as a real-time threat detector on a server running the Ubuntu Server operating system. The study uses the ELK stack (Elasticsearch, Logstash, Kibana) together with Auditbeat, tools that provide log management with visualization to simplify analysis. Testing focused on attacks against the SSH and FTP services, carried out as brute-force login attempts. The experimental method comprised identification, requirements analysis, design, implementation, testing, and evaluation. The results show that the SIEM detected the brute-force attacks against the SSH and FTP services carried out during testing from the log files and visualized them in Kibana in real time.
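    The abstract describes the detection in one sentence: failed SSH and FTP logins are read from log files and surfaced in the SIEM. The following is an added example, not code from the paper or from the ELK project, showing the rule such a SIEM alert or Kibana visualization expresses: a per-source-IP count of failed logins inside a sliding time window. The log lines are constructed for the example in the formats sshd writes to /var/log/auth.log and vsftpd writes to /var/log/vsftpd.log; the threshold (5 failures), window (60 seconds) and the year assumed for year-less syslog lines (2025) are choices made here, not values from the paper.

```python
"""Brute-force detection over sshd and vsftpd log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Syslog-style sshd lines carry no year; this is an assumed value for parsing.
SYSLOG_YEAR = 2025

# sshd failed-login line as written to /var/log/auth.log.
SSH_FAIL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.:a-fA-F]+) port \d+"
)
# vsftpd failed-login line as written to /var/log/vsftpd.log (timestamp includes year).
FTP_FAIL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"\[pid \d+\] \[(?P<user>[^\]]*)\] FAIL LOGIN: Client \"(?P<ip>[^\"]+)\""
)

# Constructed sample log lines (not captured from the paper's test bed).
SAMPLE_LOG = """\
Mar 10 10:15:30 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51230 ssh2
Mar 10 10:15:31 srv sshd[2102]: Failed password for invalid user test from 203.0.113.5 port 51231 ssh2
Mar 10 10:15:31 srv sshd[2103]: Failed password for root from 203.0.113.5 port 51232 ssh2
Mar 10 10:15:32 srv sshd[2104]: Failed password for root from 203.0.113.5 port 51233 ssh2
Mar 10 10:15:33 srv sshd[2105]: Failed password for ubuntu from 203.0.113.5 port 51234 ssh2
Mar 10 10:15:40 srv sshd[2106]: Accepted password for ubuntu from 198.51.100.7 port 40000 ssh2
Mar 10 10:20:02 srv sshd[2107]: Failed password for ubuntu from 198.51.100.7 port 40001 ssh2
Mon Mar 10 10:16:01 2025 [pid 2201] [ftpuser] FAIL LOGIN: Client "203.0.113.5"
Mon Mar 10 10:16:01 2025 [pid 2202] [ftpuser] FAIL LOGIN: Client "203.0.113.5"
Mon Mar 10 10:16:02 2025 [pid 2203] [ftpuser] FAIL LOGIN: Client "203.0.113.5"
Mon Mar 10 10:16:02 2025 [pid 2204] [anonymous] FAIL LOGIN: Client "203.0.113.5"
Mon Mar 10 10:16:03 2025 [pid 2205] [ftpuser] FAIL LOGIN: Client "203.0.113.5"
Mon Mar 10 10:16:10 2025 [pid 2206] [ftpuser] OK LOGIN: Client "198.51.100.7"
"""


def parse_events(lines):
    """Yield (timestamp, service, user, ip) for each failed-login line.

    Lines that do not match (successful logins, other daemons) are skipped,
    the same filtering a Logstash grok stage would perform before indexing.
    """
    for line in lines:
        m = SSH_FAIL.match(line)
        if m:
            ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, "ssh", m["user"], m["ip"]
            continue
        m = FTP_FAIL.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, "ftp", m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return one alert per (service, source ip) whose failed logins reach
    `threshold` within a sliding window of `window_seconds`.

    Lines are expected in chronological order per source, as a log file is.
    Each alert lists the distinct usernames tried, which distinguishes a
    password spray (many users) from guessing against one account.
    """
    windows = defaultdict(deque)  # (service, ip) -> failure timestamps in window
    users = defaultdict(set)      # (service, ip) -> usernames attempted
    alerts = {}
    for ts, service, user, ip in parse_events(lines):
        key = (service, ip)
        q = windows[key]
        q.append(ts)
        users[key].add(user)
        # Expire failures older than the window relative to the current event.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {
                "service": service,
                "source_ip": ip,
                "failures_in_window": len(q),
                "window_start": q[0].isoformat(),
                "triggered_at": ts.isoformat(),
                "usernames": sorted(users[key]),
            }
    return list(alerts.values())


def failures_per_source(lines):
    """Total failed logins per (service, ip): the terms aggregation behind a
    'top attacking sources' bar chart in Kibana."""
    counts = defaultdict(int)
    for _, service, _, ip in parse_events(lines):
        counts[(service, ip)] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
    print(failures_per_source(SAMPLE_LOG.splitlines()))
```

    On the sample, 203.0.113.5 triggers one SSH alert (four usernames in three seconds) and one FTP alert, while 198.51.100.7 with a single failure does not; shrinking the window to one second suppresses both, which is the trade-off a threshold rule always carries between catching slow attacks and alerting on legitimate typos. In the ELK deployment the same rule is a terms aggregation on the source IP over a date-histogram bucket in Kibana; whichever shipper delivers the events changes the field names, not the logic.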