Security Incident Response Automation for xPON Networks
Abstract
This paper presents a developed tool for automated security incident reporting in passive optical networks. This tool interacts with our programmable development card, developed detection modules, and TheHive project. The custom implementation of the solution has resulted in anomaly reporting templates for xPON networks that can be universally applied and new definitions of indicators of compromise. The custom implementation consists of a collector and middleware layer between the programmable card and Apache Kafka.
Keywords
Automation, CERT, Incidents, Reports, SIRAP, ToolThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
V. Oujezsky, T. Horvath and M. Holik, "Security Incident Response Automation for xPON Networks," in Journal of Communications Software and Systems, vol. 18, no. 2, pp. 144-152, April 2022, doi: https://doi.org/10.24138/jcomss-2022-0033
@article{oujezsky2022securityincident, author = {Vaclav Oujezsky and Tomas Horvath and Martin Holik}, title = {Security Incident Response Automation for xPON Networks}, journal = {Journal of Communications Software and Systems}, month = {4}, year = {2022}, volume = {18}, number = {2}, pages = {144--152}, doi = {https://doi.org/10.24138/jcomss-2022-0033}, url = {https://doi.org/https://doi.org/10.24138/jcomss-2022-0033} }