System Administrators use many of the same tactics that are implemented by hackers to validate the security of their systems, such as port scanning and vulnerability scanning. Port scanning is slow, and can be highly inaccurate. After a scan is complete, the results of the scan must be cross checked with a vulnerability database to discover if any vulnerabilities are present. While these techniques are useful, they have severe limitations. System Administrators have full access to all of their machines. They should not have to rely exclusively on port scanning them from the outside of their machines to check for vulnerabilities when they have this level of access. This thesis introduces a novel concept for replacing port scanning with a Log File Inventory Management System. This system will be able to automatically build an accurate system inventory using existing log files. This system inventory will then be automatically cross checked with a database of known vulnerabilities in real-time resulting in faster and more accurate vulnerability reporting than is found in traditional port scanning methods.
College and Department
Ira A. Fulton College of Engineering and Technology; Technology
BYU ScholarsArchive Citation
Higbee, Matthew Somers, "Deriving System Vulnerabilities Using Log Analytics" (2015). All Theses and Dissertations. 6139.
log file, agent, syslog, elasticsearch, logstash, kibana, software inventory, inventory management, vulnerability, port scan