Using identity information in the evaluation of security incidents

Dr. Buttyán Levente
Department of Networked Systems and Services

With the continuous advancement of computers and technology, IT security is becoming an increasingly important field of study, encompassing a multitude of tasks. This thesis focuses on two areas of IT security: security information and event management (SIEM), and identity and access management (IAM). Both areas have had industry solutions available for years, such as IBM QRadar and IBM Security Identity Manager (ISIM), but the two are typically only loosely connected, and no technical solution for a tighter integration between them was available.

The aim of this thesis project is to implement and present a solution to this problem using the two products mentioned above. The goal is the collection, transformation, and presentation of user identity and access information, including the processes that manage this information, from ISIM to QRadar. With this data, the security events handled by QRadar can be evaluated in a new context, so that previously unhandled incidents are detected and security monitoring becomes more complete and accurate.

This thesis presents two solutions for this integration: a Java EE based web application, and a custom solution built on an IBM data integration framework. To integrate the two products further, I also developed a separate integration solution that generates security events for QRadar from events, previously invisible to the SIEM, about the processes that manage user data and access information.
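The two integration directions described in the abstract, enriching SIEM events with identity data (second paragraph) and turning identity-management process events into SIEM events (third paragraph), can be illustrated with a small self-contained script. This is an added example and not code from the thesis or from either IBM product: the identity records, role requirements and log events are constructed, the field names (`usrName`, `status`, `roles`, `resource`) are assumptions, and the output format is the LEEF 1.0 syslog format that QRadar accepts, used here with a placeholder vendor/product name.

```python
"""Added example: evaluating security events in the context of identity data,
and emitting identity-process events in LEEF 1.0 format.
All records below are constructed; field names are assumptions."""

# Constructed identity snapshot, standing in for data exported from an
# identity manager: account status and the roles (entitlements) each user holds.
IDENTITIES = {
    "alice": {"status": "active", "roles": {"finance_viewer"}},
    "bob": {"status": "disabled", "roles": set()},
    "carol": {"status": "active", "roles": {"dba"}},
}

# Constructed mapping: which roles entitle a user to touch each resource.
RESOURCE_ROLES = {
    "finance-db": {"finance_viewer", "dba"},
    "hr-db": {"hr_admin"},
}

# Constructed, normalized security events as a SIEM would hold them.
EVENTS = [
    {"ts": "2024-01-10T08:00:00", "user": "alice", "action": "login", "src": "10.0.0.5"},
    {"ts": "2024-01-10T08:02:00", "user": "bob", "action": "login", "src": "10.0.0.9"},
    {"ts": "2024-01-10T08:05:00", "user": "alice", "action": "access", "resource": "hr-db"},
    {"ts": "2024-01-10T08:06:00", "user": "carol", "action": "access", "resource": "finance-db"},
    {"ts": "2024-01-10T08:07:00", "user": "dave", "action": "login", "src": "10.0.0.7"},
]


def evaluate(event, identities=IDENTITIES, resource_roles=RESOURCE_ROLES):
    """Return the list of findings for one event once identity data is consulted.

    Without the identity context every event above looks like routine activity;
    with it, three of them become incidents worth raising.
    """
    findings = []
    ident = identities.get(event["user"])
    if ident is None:
        # Activity under a name the identity manager does not know about at all.
        findings.append("unknown_identity")
        return findings
    if ident["status"] != "active":
        # Any activity from a disabled or deprovisioned account is suspicious.
        findings.append("inactive_account_activity")
    if event["action"] == "access":
        required = resource_roles.get(event["resource"], set())
        if required and not (ident["roles"] & required):
            # The user reached a resource without holding any entitling role.
            findings.append("access_without_entitlement")
    return findings


def incidents(events=EVENTS, identities=IDENTITIES, resource_roles=RESOURCE_ROLES):
    """Return (user, action, findings) for every event that produced a finding."""
    out = []
    for ev in events:
        found = evaluate(ev, identities, resource_roles)
        if found:
            out.append((ev["user"], ev["action"], found))
    return out


def to_leef(vendor, product, version, event_id, attrs):
    """Format one identity-process event as a LEEF 1.0 line.

    LEEF 1.0 layout: LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value
    Vendor/product/version are placeholders chosen by the caller.
    """
    header = "|".join(["LEEF:1.0", vendor, product, version, event_id])
    body = "\t".join(f"{k}={v}" for k, v in attrs.items())
    return header + "|" + body


if __name__ == "__main__":
    for user, action, found in incidents():
        print(f"{user:6} {action:6} -> {', '.join(found)}")
    # A constructed identity-process event (a role grant) as the SIEM would receive it.
    print(to_leef("ExampleVendor", "ExampleIdM", "1.0", "RoleGranted",
                  {"usrName": "alice", "role": "dba", "approver": "carol"}))
```

The two rules in `evaluate` are deliberately simple; in practice the identity snapshot would be refreshed from the identity manager on each provisioning change, and the LEEF attributes would mirror the fields of the real process event so that the SIEM can parse and correlate them with its existing log sources.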
