Dezible

Hello! My name is Aditya Bhardwaj.

Dezible is a project where I build a SIEM from scratch.

What is a SIEM, you might ask. The following is a nice definition [1].

Security Information and Event Management (SIEM) is an essential tool that collects, stores, and performs log management and analyzes extensive volumes of log data from across an organization’s network, generating security alerts when needed.

Every SIEM does five fundamental things:

  • Data collection and normalization
  • Storage and indexing
  • Detection and analysis
  • Response and orchestration
  • Intelligence and visualization

With these capabilities, security teams can assess, triage and respond to security events.

I do not want to re-invent the wheel, but rather gain insight into the components that make up a SIEM.

LLMs and AI agents will be useful for extending the capabilities of such a SIEM, though the first goal is to get the basics working.

Dezible is work in progress.

Found it interesting?

Connect with me here: LinkedIn and Google Scholar

Data Ingestion

Logs provide a detailed, chronological record of events, which is necessary to investigate security incidents.

Without data flowing in, there is nothing to look at!

PCAP

Understanding and analyzing packet-level evidence in pcap files.

PCAP

Packet capture (PCAP) files record raw network packets. Tools such as Wireshark and tcpdump capture packets from a network interface and store them as pcap files.

With the network activity stored in these files, we can investigate and analyze traffic at the packet level.
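As an added example (not code from the Dezible project, which has not published its implementation), here is a minimal reader for the classic pcap format in Python, assumed here as the project's language: it detects byte order from the magic number, handles both microsecond and nanosecond timestamp variants, and refuses truncated or inconsistent records instead of trusting their lengths as slice bounds. The `build_pcap` helper constructs a small in-memory capture so the example runs offline.

```python
import struct

# Classic pcap magic numbers; the second one marks nanosecond timestamps.
MAGIC_USEC = 0xA1B2C3D4
MAGIC_NSEC = 0xA1B23C4D
GLOBAL_HDR = 24   # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = 16   # ts_sec, ts_frac, incl_len (captured), orig_len (on the wire)


def parse_pcap(data: bytes) -> dict:
    """Parse a classic pcap byte string into a header dict plus packet records."""
    if len(data) < GLOBAL_HDR:
        raise ValueError("truncated global header")
    # Byte order is whichever one makes the magic number read correctly.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    frac_div = 1e9 if magic == MAGIC_NSEC else 1e6
    vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:GLOBAL_HDR])
    packets, off = [], GLOBAL_HDR
    while off + RECORD_HDR <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + RECORD_HDR])
        # Reject lengths a valid writer cannot produce before using them as slice bounds.
        if incl_len > orig_len or (snaplen and incl_len > snaplen):
            raise ValueError(f"inconsistent record length at offset {off}")
        start = off + RECORD_HDR
        if start + incl_len > len(data):
            raise ValueError(f"truncated packet record at offset {off}")
        packets.append({"ts": ts_sec + ts_frac / frac_div, "captured": incl_len,
                        "wire": orig_len, "bytes": data[start:start + incl_len]})
        off = start + incl_len
    if off != len(data):
        raise ValueError(f"{len(data) - off} stray bytes after the last record")
    return {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype,
            "endian": endian, "packets": packets}


def build_pcap(records, nanos=False, endian="<") -> bytes:
    """Construct a pcap file in memory from (ts_sec, ts_frac, payload) tuples; constructed test input."""
    magic = MAGIC_NSEC if nanos else MAGIC_USEC
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts_sec, ts_frac, payload in records:
        out += struct.pack(endian + "IIII", ts_sec, ts_frac, len(payload), len(payload)) + payload
    return out
```

Call `parse_pcap(build_pcap([(1700000000, 500000, b"\x00" * 14)]))` to see one Ethernet frame record with timestamp 1700000000.5; feeding it a real file read with `open(path, "rb").read()` works the same way for the classic (non-pcapng) format.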

Sample PCAP files

We can generate our own traffic, but free, publicly available pcap files are also available, for example from Netresec [1].

Work in progress.

Motivation

My name is Aditya Bhardwaj and I am currently a PhD candidate at the University of Twente; you can find me here through my LinkedIn profile.

As the field of AI progresses, many people are sharing tutorials (about agents, LLMs and whatnot). Often these are one-off projects which end up with others in the project graveyard.

I want to change that.

My aim is to stick to some projects and build them incrementally. This way, I get to learn and apply new concepts.

💡 It’s like writing a simple hello world program and gradually adding helpful/advanced features.

In this regard, I also like to share Gall's law. Though the following may not be the author's verbatim wording, I fully agree with the idea that…

A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system.

Taking inspiration from these words, I plan to start simple in every project.

And then improve them. Let’s go!