NextGen Alert System
The NextGen alert system was designed to be an in-house SIEM system for Tufts Technology Services (TTS) as it transitions to an inexpensive commercial solution. Ideally, NextGen would replicate all aspects of monitoring tools (such as ElasticWatcher) and send notifications if specific events occurred within multiple data clusters. Currently, this system is a Minimum Viable Product (MVP) that is able to monitor events, send email notifications, and provide a UI for simple data cluster queries.
Project Dates: 9/1/20 - 5/1/21
Date Published: 6/23/24
Overview
We are excited to present our custom implementation of a Security Information and Event Management (SIEM) system. This project involves developing a system capable of monitoring and interacting with multiple cloud databases, ensuring robust security and efficient event management. This project was conducted as part of the Senior Capstone requirement in the Computer Science department at Tufts University. Special thanks to Ming Chow for his guidance as the course instructor and to the development team, which consisted of Andrew Wang, Kate Hanson, and James Cameron.
Further information about the project development cycle can be found here.
Background
Security Information and Event Management (SIEM) tools offer a holistic view of an organization’s information security. According to the SANS Institute’s Evaluators Guide to Next Gen SIEM, “traditional SIEM often lacks the capability to produce actionable information, the security team may be unable to justify to management ongoing investment costs such as license renewal, ongoing system management, integration of additional data sources, and continued training of personnel.”
Key Contributions
- Frontend Development: We designed a user-friendly interface that displays real-time security metrics and event logs. The frontend is intuitive and provides clear visibility into the system’s status.
- Backend Integration: Our server interacts with and monitors multiple cloud databases, ensuring seamless communication and data flow.
- Alert System: The system includes an efficient alert mechanism to notify users of any significant events or security issues.
Technical Details
The following video contains a demonstration of the NextGen Alert system for simple queries. It showcases a frontend that queries an Express.js server. This Express server communicates with a Flask backend, which in turn integrates multiple data clusters to generate and monitor alerts.
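As an added illustration of the monitoring step described above (this is example code, not code from the NextGen project), the following Python snippet evaluates an alert rule across events drawn from several data clusters and produces the alerts that the backend would hand to its email notifier. The event fields, cluster names, rule format and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two hypothetical clusters (not project data).
SAMPLE_EVENTS = [
    {"cluster": "auth-cluster", "ts": "2021-03-01T10:00:00", "type": "login_failed", "user": "alice"},
    {"cluster": "auth-cluster", "ts": "2021-03-01T10:01:00", "type": "login_failed", "user": "alice"},
    {"cluster": "vpn-cluster",  "ts": "2021-03-01T10:02:30", "type": "login_failed", "user": "alice"},
    {"cluster": "auth-cluster", "ts": "2021-03-01T10:03:00", "type": "login_ok",     "user": "alice"},
    {"cluster": "vpn-cluster",  "ts": "2021-03-01T11:30:00", "type": "login_failed", "user": "bob"},
]

# Assumed rule format: fire when `threshold` events of `event_type` for the same
# user fall inside `window_minutes`, counting events from every cluster together.
RULES = [
    {"name": "repeated_login_failures", "event_type": "login_failed",
     "threshold": 3, "window_minutes": 5},
]


def evaluate_rules(events, rules):
    """Return one alert per (rule, user) whose events satisfy the rule's window."""
    alerts = []
    for rule in rules:
        window = timedelta(minutes=rule["window_minutes"])
        per_user = defaultdict(list)
        # ISO-8601 timestamps sort correctly as strings, so oldest events come first.
        for ev in sorted(events, key=lambda e: e["ts"]):
            if ev["type"] == rule["event_type"]:
                per_user[ev["user"]].append(ev)
        for user, evs in per_user.items():
            start = 0  # left edge of the sliding window over this user's events
            for end in range(len(evs)):
                t_end = datetime.fromisoformat(evs[end]["ts"])
                while t_end - datetime.fromisoformat(evs[start]["ts"]) > window:
                    start += 1
                if end - start + 1 >= rule["threshold"]:
                    alerts.append({
                        "rule": rule["name"], "user": user,
                        "clusters": sorted({e["cluster"] for e in evs[start:end + 1]}),
                        "count": end - start + 1, "last_seen": evs[end]["ts"],
                    })
                    break  # one alert per user per rule; avoids a flood of emails
    return alerts


def format_notification(alert):
    """Body of the email the notifier would send for one alert."""
    return (f"[NextGen] {alert['rule']}: {alert['count']} events for user "
            f"{alert['user']} across {', '.join(alert['clusters'])} "
            f"(last seen {alert['last_seen']})")
```

Correlating across clusters matters here: no single cluster sees three failures for alice, so a per-cluster watcher would stay silent while the combined view fires.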
Note: Additional details for this project are available on request only.