Title:
Cyber Operations Log Analysis for Threat Actors
Poster
Abstract
The University System of New Hampshire generates over a trillion logs each month, overwhelming security analysts with alerts—many of which are false positives. This high volume of low-quality alerts can lead to analyst fatigue and allow real threats to go unnoticed. Our project focused on improving threat detection by creating three new alerts and refining existing ones using Splunk, a centralized log analysis platform.
Each alert leverages techniques from the MITRE D3FEND framework and is designed to reduce false positives while maintaining detection accuracy. We delivered scalable dashboards and high-fidelity alerts that enhance monitoring of potential security threats such as brute force attacks, account compromises, and anomalous user behavior.
Our work has reduced false positive alerts by at least 15% per use case, streamlining security operations and improving response times. This project demonstrates how targeted alert logic and refined detection rules can significantly strengthen security posture across a large, complex organization.
Authors
First Name | Last Name
Christopher | Thorn
Logan | McKinley
Aaron | Limbat
Ethan | Healey
Emily | Pascetta
Will | Gawron
Submission Details
Conference URC
Event Interdisciplinary Science and Engineering (ISE)
Department Computer Science (ISE)
Group Infrastructure
Added April 14, 2025, 2:49 p.m.
Updated April 14, 2025, 2:49 p.m.