SLIDE 1

Beta Presentation

Force Platform Ingestion Tool

The Capstone Experience: From Students… …to Professionals

Team Rook

Roy Barnes, Matt Hammerly, Will McGee, Chiyu Song, Mark Velez
Department of Computer Science and Engineering, Michigan State University, Spring 2017

SLIDE 2

Project Overview

  • Force: platform for security alert management/analysis
  • Force accepts data in one format, but clients send data in different formats
  • Force PIT (Platform Ingestion Tool) provides a way for clients to integrate existing monitoring tools with Force
  • Suggests groups of related alerts to save Rook analysts time

The Capstone Experience Team Rook Beta Presentation 2

SLIDE 3

System Architecture

SLIDE 4

Data Flow Diagram

(diagram: data flow; the only recoverable label is "Elastic")
SLIDE 5

Data Flow Diagram

Brief presentation of Data Flow
SLIDE 6

Data Flow Walkthrough

(diagram: client endpoints -> API -> Platform Ingestion Tool [Data Normalizer, Machine Learning]; arrows "Request alerts" / "Send back alerts")

Client endpoints
  • From clients of Rook
  • Endpoints like firewall, database, etc.
  • Send out logs of security events (Alerts)
SLIDE 7

Data Flow Walkthrough (cont.)

(diagram: Platform Ingestion Tool [Data Normalizer, Machine Learning] -> Elastic Database)
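The slides describe the ingestion path (client endpoints send alerts in different formats, the Data Normalizer maps them to the one format Force accepts, and a Machine Learning step suggests groups of related alerts) but show no code. The block below is an added example, not Team Rook's or Rook's code: the common schema, the field names, the two input formats (a firewall syslog-style line and a JSON alert) and the sample records are all constructed assumptions, and the grouping step is a simple time-window heuristic standing in for whatever the project's ML does. The point a practitioner would want to see is that the normalizer allow-lists fields and rejects records it cannot fully map, instead of storing half-normalised data.

```python
"""Added example (not the project's code): normalize two constructed alert
formats into one assumed common schema, reject what does not fit, and
suggest groups of related alerts with a heuristic stand-in for the ML step."""
import json
import re
from datetime import datetime, timedelta, timezone

# Assumed common schema for the Force platform (hypothetical field names).
REQUIRED = ("timestamp", "source", "src_ip", "dst_ip", "signature", "severity")
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed firewall line format; anchored so trailing junk cannot sneak through.
FIREWALL_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) fw\[\d+\]: DENY "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"rule=(?P<rule>[\w-]+) sev=(?P<sev>[a-z]+)$"
)


def normalize_firewall(line: str) -> dict:
    """Map a syslog-style firewall DENY line onto the common schema."""
    m = FIREWALL_LINE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised firewall line: {line[:60]!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"timestamp": ts, "source": "firewall", "src_ip": m["src"],
            "dst_ip": m["dst"], "signature": m["rule"],
            "severity": SEVERITY[m["sev"]]}  # KeyError on unknown level


def normalize_json(raw: str) -> dict:
    """Map an assumed JSON alert onto the common schema.
    Only allow-listed keys are copied; extra keys are dropped, not passed through."""
    doc = json.loads(raw)
    return {"timestamp": datetime.fromtimestamp(int(doc["epoch"]), tz=timezone.utc),
            "source": str(doc["tool"]), "src_ip": str(doc["client"]),
            "dst_ip": str(doc["server"]), "signature": str(doc["event"]),
            "severity": SEVERITY[str(doc["level"]).lower()]}


NORMALIZERS = {"syslog": normalize_firewall, "json": normalize_json}


def validate(alert: dict) -> dict:
    """Last gate before storage: every required field present, severity in range."""
    missing = [k for k in REQUIRED if k not in alert]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if not 1 <= alert["severity"] <= 4:
        raise ValueError("severity out of range")
    return alert


def ingest(records):
    """Normalize (format, raw) pairs; return (accepted alerts, count rejected)."""
    alerts, rejected = [], 0
    for fmt, raw in records:
        try:
            alerts.append(validate(NORMALIZERS[fmt](raw)))
        except (KeyError, ValueError, TypeError):  # JSONDecodeError is a ValueError
            rejected += 1  # reject rather than store a partially mapped record
    return alerts, rejected


def suggest_groups(alerts, window=timedelta(minutes=5)):
    """Heuristic stand-in for the ML suggestion step (assumption, not the
    project's model): alerts from the same src_ip arriving within `window`
    of the previous one in the group form one suggested ticket."""
    groups = []
    for a in sorted(alerts, key=lambda x: x["timestamp"]):
        for g in groups:
            if g[-1]["src_ip"] == a["src_ip"] and a["timestamp"] - g[-1]["timestamp"] <= window:
                g.append(a)
                break
        else:
            groups.append([a])
    return groups


# Constructed sample input: three valid records and one that must be rejected.
SAMPLE = [
    ("syslog", "2017-03-20T14:01:05Z fw[512]: DENY 203.0.113.7 -> 10.0.0.5 rule=ssh-brute sev=high"),
    ("json", '{"epoch": 1490018470, "tool": "db-audit", "client": "203.0.113.7", '
             '"server": "10.0.0.9", "event": "failed-login", "level": "medium", "extra": "ignored"}'),
    ("syslog", "2017-03-20T15:30:00Z fw[512]: DENY 198.51.100.2 -> 10.0.0.5 rule=port-scan sev=low"),
    ("syslog", "not an alert at all"),
]

if __name__ == "__main__":
    accepted, dropped = ingest(SAMPLE)
    for i, group in enumerate(suggest_groups(accepted), 1):
        print(f"suggested ticket {i}:", [a["signature"] for a in group])
    print("rejected:", dropped)
```

The two firewall-and-database alerts from 203.0.113.7 land five seconds apart and become one suggested ticket; the port scan from another address an hour later stays on its own, and the unparseable line is counted as rejected instead of being stored.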
SLIDE 8

Data Flow Walkthrough (cont.)

Elastic contains data that includes…
  • Alerts, new and old
  • Tickets, composed of alerts
  • Suggestions created from ML

(diagram: pull data from Elastic -> push data through to front end -> pass back analyst changes -> push changes to update data)
SLIDE 9

Data Flow Walkthrough (cont.)

Store new API configuration settings (in Elastic)

(diagram: pull data from Elastic -> push data through to front end -> pass back analyst changes -> push changes to update data)
SLIDE 10

Data Flow Diagram

(diagram: data flow; the only recoverable label is "Elastic")
SLIDE 11

Login Page

To the end…
SLIDE 12

Alerts Page

SLIDE 13

Alerts Page – Ticket Panel

SLIDE 14

Alerts - Filtered

SLIDE 15

Tickets Page

SLIDE 16

Tickets - Editing Ticket

SLIDE 17

Jobs Page

SLIDE 18

What’s left to do?

  • Update color scheme to Rook’s updated colors
  • Continue building out support for more types of APIs
SLIDE 19

Questions?
