DESIGN AND IMPLEMENTATION OF A SECURITY

TOOL FOR THE EFFICIENT IMPLEMENTATION OF

SECURITY INFORMATION AND EVENT
MANAGEMENT SYSTEMS USING ELECTRON
FRAMEWORK

BY

SOBANDE OLUWATENIOLA OLUWANIFEMI

(19CG026485)

A PROJECT SUBMITTED TO THE DEPARTMENT OF

COMPUTER AND INFORMATION SCIENCES,
COLLEGE OF SCIENCE AND TECHNOLOGY,
COVENANT UNIVERSITY OTA, OGUN STATE.

IN PARTIAL FULFILMENT OF THE REQUIREMENTS

FOR THE AWARD OF THE BACHELOR OF SCIENCE
(HONOURS) DEGREE IN COMPUTER SCIENCE.

JULY, 2023
 CERTIFICATION

I hereby certify that this project was carried out by Sobande Oluwateniola
Oluwanifemi in the Department of Computer and Information Sciences, College of
Science and Technology, Covenant University, Ogun State, Nigeria, under my
supervision.

Mr Chukwuebuka Ejiobih
Supervisor Signature and Date

Prof. Olufunke O. Oladipupo

Head of Department Signature and Date

i
 DECLARATION

This project is dedicated to God almighty for he has been my strong anchor during the
course of this program. I would not have made it this far if not because of your
constant company and your sustenance. All because of you, the journey has been
wonderful.

ii
 ACKNOWLEDGEMENTS

I would like to express my sincere gratitude and appreciation to all those who have
contributed to the successful completion of this project.

First and foremost, I extend my heartfelt thanks to my supervisor, Mr. Chukwuebuka,

for his guidance, support, and valuable insights throughout the project. His expertise
and mentorship have been instrumental in shaping the direction and outcomes of this
work.

I would also like to extend my appreciation to the participants who volunteered their
time and provided valuable feedback during the user testing phase. Their insights and
suggestions have immensely contributed to improving the usability and effectiveness
of the GUI.

Additionally, I would like to acknowledge the contributions of my colleagues, friends,

and family members who provided support and encouragement during the project.
Their unwavering belief in my abilities has been a constant source of motivation.

Lastly, I would also like to give all the glory to Lord God almighty for keeping me till
this day, allowing me to commence this project, for his grace that kept me all through
and for the successful completion of this final year project.

Without the collective efforts and support of all these individuals, the successful
completion of this project would not have been possible. Thank you for being an
integral part of this journey.

iii
 TABLE OF CONTENTS

CERTIFICATION
i

DECLARATION
ii

ACKNOWLEDGEMENTS
iii

TABLE OF CONTENTS
iv

LIST OF FIGURES viii

ABSTRACT
ix

CHAPTER: INTRODUCTION
1
1.1 Background 1
1.2 Statement of the Problem 3
1.3 Aim and Objectives of the Study 4
1.4 Methodology 4
1.5 Significance of the Study 5
1.6 Limitations of the Study 5
1.7 Arrangement of Research Outline 5

CHAPTER TWO: LITERATURE REVIEW

6
2.1 Preamble 6
2.2 Introduction 6
2.3 Overview of SIEM 7
2.4 Siem Implementation Problems 10
2.5 Interface in CyberSecurity 12
2.5.1 Review of command line interface 13
2.5.2 Review of the Graphical User Interface 15
iv
2.6 Review of Existing Systems 16
2.6.1 GITKRAKEN 17
2.6.2 ZENMAP 18
2.6.3 ARMITAGE 20
2.6.4 WINSCP 22
2.7 Elastic Security 24
2.8 GUI design principles 26
2.9 Evaluation and Testing 27

CHAPTER THREE: SYSTEM ANALYSIS AND DESIGN 28

3.1 Preamble 28
3.2 Requirement analysis 28
3.2.1 Functional Requirements 28
3.2.2 Non-functional Requirements 29
3.3 System Architecture 30
3.4 System Design 31
3.4.1 Logical Design 31
3.4.2 Data flow Diagram 31
3.5 Physical Design 31
3.5.1 Use Case Diagram 32
3.5.2 Activity Diagram 33
3.5.3 Sequence Diagram 35

CHAPTER FOUR: SYSTEM IMPLEMENTATION 36

4.1 Preamble 36
4.2 System requirements 36
4.3 The implementation tools used 37
4.4 Software Development Methodology 40
4.5 System Module and Interfaces 41
4.5.1 The dashboard Module 42
4.5.2 The Notification and Feedback Module 42
4.5.3 The Installation Module 43
4.6 System evaluation 44

v
CHAPTER FIVE: SUMMARY, RECOMMENDATION AND
CONCLUSION
45
5.1 Summary 45
5.2 Recommendations 45
5.3 Conclusion 46

REFERENCES
47

LIST OF TABLES

Table 3.1 Summarised Use Case Narrative 33

Table 4.1 Software Requirements 37

Table 4.2 Hardware Requirements 38

vi
 LIST OF FIGURES

Figure 2.1 Diagrammatic Representation of the Components of a SOC 8

Figure 2.2 Diagram of a Command Line Interface 15

Figure 2.3 Diagram of a Graphical User Interface 16

Figure 2.4 Diagram Showing the Interface of Gitkraken 18

Figure 2.5 Diagram Showing the Interface of Zenmap 20

Figure 2.6 Diagram Showing the Interface of Armitage 22

Figure 2.7 Diagram Showing the Interface of WINSCP 24

Figure 3.1 System Architecture of the Proposed System 30

Figure 3.2 Data Flow Diagram 31

Figure 3.3 Use Case Diagram 32

Figure 3.4 Activity Diagram 34

Figure 3.5 Sequence Diagram 36

Figure 4.1 Figma 39

Figure 4.2 Visual Studio Code 39

Figure 4.3 Vim 40

Figure 4.4 Electron JS 41

Figure 4.5 Dashboard of the Security Tool 43

Figure 4.6 JDK Notification interface 43

Figure 4.7 JDK Feedback Interface 44

Figure 4.8 Elasticsearch Installation Interface 44

vii
 ABSTRACT

This project aims to develop a Graphical User Interface (GUI) for an effective
implementation of a Security Information and Event Management (SIEM) system.
SIEM systems play a crucial role in modern cybersecurity by centralizing and
analysing security event data from various sources. However, the complexity of SIEM
systems often presents challenges for users, particularly in terms of usability and
efficient utilization of its features. The GUI developed in this project addresses these
challenges by providing a user-friendly interface that simplifies the basic management
and efficient implementation of the Security information and Event Management
System. The interface offers intuitive navigation, user feedback integration
capabilities. It enables users, such as security analysts and IT administrators, to easily
install, integrate, configure, and deploy the SIEM system, to enable them monitor
real-time security events, and respond to incidents effectively. Through an iterative
design process and user testing, the GUI ensures a streamlined user experience,
allowing users to integrate SIEM system effortlessly into their environment. The GUI
leverages modern web technologies and responsive design principles to provide a
seamless experience across different devices and screen sizes. The successful
implementation of this GUI for SIEM empowers organizations to enhance their
security monitoring capabilities, detect potential threats more efficiently, and respond
promptly to security incidents. The user-friendly interface reduces the learning curve
for SIEM system adoption and enables security teams to focus on proactive threat
detection and incident response, ultimately strengthening the overall security posture
of the organization.

viii
 CHAPTER ONE

1INTRODUCTION

1.1 BACKGROUND

One of the most significant technologies of the 20th century was the internet, and it
opened a world of opportunity for both individuals with good intentions and those
with evil ones (Perwej et al., 2021). Before 1988, there were no significant computer
threats because both computers and the internet were still developing, and security
issues were easily identifiable. However, the Morris worm, a computer worm that
spread via the internet, was responsible for the first cyber danger that materialized in
1988 (Bishop, 2003). Numerous such cyber-attacks after the Morris worm have
necessitated the use of cyber-security or computer security.

Cybersecurity encompasses any actions taken to safeguard computer networks against

data loss, theft, damage to computer hardware, and diversion of the services they offer
(The Editors of Encyclopedia Britannica, 2019). Due to the heavy reliance on
computer systems and the internet by organizations, people, and even the government,
cybersecurity has grown in significance. Cybersecurity is all about preventing and
mitigating vulnerabilities and attacks from within or outside a network (Ali et al.,
2022). According to Shirey, (2007), A system's design, implementation, operation, or
management flaws or weaknesses that could be used to circumvent the system's
security policy are known as vulnerabilities. A thorough grasp of all typical threats
and system weaknesses is required for the security of systems and networks.

For an organization to stay on top of threats or attacks on its networks, servers,

desktops, endpoint devices, databases, applications, or other systems, a Security
Operations Center (SOC) is needed. A SOC is a complex structure comprising
information technology professionals and multiple security tools and systems that
monitor, assess, and defend an organization from cyber threats and attacks (Kokulu et
al., 2019). Security event production, collection, storage, analysis, and reaction are the
five main tasks carried out by a SOC (Bidou, 2005). To make the entire organization
secure, a SOC's operations focus on threat management, which involves gathering and

1
analyzing data to look for suspicious actions or vulnerabilities. For a SOC to perform
at optimal capacity, data must be obtained from firewalls, threat intelligence sources,
endpoints, intrusion detection systems, and intrusion prevention systems. This data is
shipped or collected by the Security Information and Event Management system,
which in turn analyzes the data(logs) to produce events that are based on correlation
rules. These events are then used to create reports (incident reports) and then take
security-based decisions on how to respond to the event. The National Institute of
Standards and Technology defined a SIEM as an application that enables the
collection of security data from information system components and presents the data
collected to the members of the SOC team in the event of any Indication of
Compromise (IOC) to the data (Johnson et al., 2019).

The product and services of security information management (SIM) systems and
security event management (SEM) systems are combined in a Security Information
and Event Management System (SIEM) tool (Menges et al., 2021). This tool is one of
the main tools used by SOC analysts to get real-time analysis of security alerts
generated by applications and network hardware, generate incident reports, and assure
information. For proper management of security data, this data must be centralized,
and the SIEM tool serves as a ‘nerve centre’ for all machine actionable information
via a single interface.

SIEM systems have developed into comprehensive systems that offer broad visibility
to identify areas of high risk and proactively focus on mitigation methods aimed at
decreasing incident response costs and time (González-Granadillo et al., 2021). This
is possible because every SIEM contains a data aggregation system, a security data
analytics system, and an incident detection and response system. Real-time event
console, threat intelligence, and forensic analysis (Antonio, 2013).

Taiwan was a victim of a significant phishing attack in May 2020, when recipients of
emails from the country's senior infection-disease official were urged to seek
coronavirus tests. In June 2020, ransomware attacked the University of California,
San Francisco, and the perpetrators, who go by the name Netwalker, wanted 1.14
million dollars from the victims. France was once again the target of a distributed
denial of service (DDOS) attack in March 2020, which prevented several hospitals
from accessing their email accounts and servers. Virtual private networks (VPN),

2
multi-factor authentication, segmentation and separation, and the usage of SIEM are
some techniques for reducing cyberattacks (Pranggono & Arabo, 2020).

Since the lockout of 2020, SIEM solutions have become increasingly crucial, but it is
difficult to find information security professionals who are both well-rounded and
skilled in SIEM. These individuals are needed to integrate and manage the SIEM
system and the fact that they are scarce leave organizations whether small or large to
purchase preconfigured SIEMs at an extra cost. The reason why finding a SIEM
specialist is hard is that you are not only looking for someone with information
security and networking skills, but you are also looking for someone who can
implement a SIEM solution, that understands the various documentation needed in the
implementing and regular maintenance of the SIEM solution and can generate
correlation rules for the SIEM solution (González-Granadillo et al., 2021).

1.2 STATEMENT OF PROBLEM

According to Petrosyan (2022), the average cost per data breach worldwide rose by
4.24 million U.S. dollars from 2021 to 4.35 million U.S. dollars in 2022. Modern
intrusion detection technologies must be used to protect computer systems and
networks since hackers continue to show off their highly developed capabilities
(Khraisat et al., 2019). A SIEM is an intrusion detection system that assists in
simplifying the review of audit logs while escalating indicators of compromise (IOC).
SIEM can review relevant events for indications of potential incidents or threats.
SIEM relies on the security analyst’s expertise to manage its integration,
configuration, and management (Winkler & Gomes, 2017).

A Security Operation Center (SOC) is a group of security analysts dedicated to

preventing, detecting, and responding to security threats in an organization by using a
collection of tools, technologies, and processes. One of these tools is SIEM.
According to Kokulu et al. (2019), Security Information and Event Management
(SIEM) solutions are difficult and complicated to integrate into an organization's
cybersecurity infrastructure. Despite the advantages that SIEM solutions provide,
such as centralized logging, threat detection, and incident response, businesses
frequently run into a variety of obstacles that make it difficult for SIEM to seamlessly
integrate into their cybersecurity ecosystem. The difficulty of setting up and

3
configuring SIEM solutions is a significant issue. It is confusing and time-consuming
for organizations to comprehend the nuances of various SIEM solutions, including
their topologies, data sources, and correlation algorithms. Also, the deficiency of
talented network protection experts who are capable of SIEM and can deal with the
coordination cycle adds to the intricacy. Setup, configuration, and optimization of
SIEM solutions may be hampered by a lack of qualified personnel with the necessary
expertise, resulting in implementation delays and misconfigurations (González-
Granadillo et al., 2021).

For an organization to effectively utilize its resources, as well as the complete

potential of SIEM solutions, reducing the complexity and discomfort encountered in
the installation and integration of SIEM tools is crucial.

1.3 AIM AND OBJECTIVE OF THE STUDY

The aim of this research work is to develop a GUI-based tool to integrate, deploy, and
perform basic management tasks on SIEM. Hence providing a platform to integrate
and deploy the Elastic Security System.

The objectives are:

i. To investigate and document the functional and design requirements for this
security tool.
ii. To design and model the security tool.
iii. To implement the security tool.
iv. To evaluate and test the implemented security tool.

1.4 METHODOLOGY

The methodology used to achieve the objectives stated above includes:

I. Conduct a literature review on the elastic stack documentation to discover the

functional requirements for the security tool.
II. The designing and modeling of the security tool was done using Figma and
Draw.io
III. The security tool to be implemented in this project will be built on the
Electron framework, using HTML, CSS, JavaScript, and BASH.

4
IV. The security tool will be evaluated using usability and performance tests.

1.5 SIGNIFICANCE OF THE STUDY

The relevance of this project can be seen as stated in the following reasons:

i. The study results in the development of a tool to render ease in integrating and
deploying the SIEM tool.
ii. This project reduces the dependency on the terminal for integration.
Deployment, and basic management of the SIEM tool and the servers
associated with it.
iii. It reduces the overall cost of implementation of the Security Information and
Event Management System, from training of analyst, to acquiring enterprise
based Security Information and Event Management Systems.

1.6 LIMITATIONS OF THE STUDY

i. The requirements gathering of the developed interface is constricted to the

Elastic Security System which is used as a case study for the project.
ii. There will be certain restrictions to the data that will be collected and analyzed
by the SIEM to prevent a breach of data protection regulations. This will be a
result of the correlation rules implemented during integration, based on the
system or organization’s security requirements. Since I don’t have specific
security requirements correlation rules cannot be implemented in the security
tool developed for this project (Menges et al., 2021).

1.7 ARRANGEMENT OF RESEARCH OUTLINE

Chapter one of the project contains an explanation of the project, problems on the
Elastic Security System, the methodologies involved, the study’s significance as well
as its limitations. Chapter two explains the existing system relating to the project topic
and the methodologies used. Chapter three describes the system analysis and design.
Chapter four shows the stepwise implementation of the tool and the results obtained.
Chapter Five summarizes the project and gives the subject’s recommendations,
suggestions, and finally conclusions.

5
 CHAPTER TWO

2LITERATURE REVIEW

2.1 PREAMBLE

This chapter reviews graphical user interfaces developed from existing command line
functionalities or applications that have applied related methods to the ones used in
this project. It begins with an overview of terminal-based applications and the
challenges associated with using them. After that, it reviews the literature that is
currently available on the design and development of graphical user interfaces for
terminal-based applications in order to validate the problems that these interfaces
were able to solve with the help of their implementation strategies and to verify their
effectiveness. It later ends by discussing the difficulties encountered in their
development.

A SIEM is a security application or tool, with both a command-line interface (CLI)

and a graphical user interface (GUI) capability (Saraiva & Mateus-Coelho, 2022). The
installation, integration, and configuration of SIEM tools require a terminal or a
command-line interface.

2.2 INTRODUCTION

According to Kavanagh et al. (2020), A SIEM provides real-time analysis of security

alerts generated by network hardware and applications, making it a critical component
of an organization’s security infrastructure.

For a system to be properly set, error risk to be minimized, and system effectiveness
to be maximized, Security Information and Event Management (SIEM) solutions
must be installed effectively. SIEM solutions are made to track and examine security-
related data from numerous sources, including servers, network devices, and software.
The system does real-time data analysis, identifies security threats, and notifies
security staff so they may take the necessary action (Mokalled et al., 2020). A

6
successful installation guarantees that the system is configured appropriately,
minimize the possibility of problems, and increases the system's effectiveness.

False positives, missed events, and other problems that reduce the SIEM system's
utility can result from improper installation (Bryant & Saiedian, 2020). According to a
survey by the Ponemon Institute (IBM, 2022), the average data breach cost in 2020
was $3.86 million, and an improperly installed SIEM system raises the possibility of
data breaches, which can bring about large monetary losses, harm to the organization's
reputation, and legal obligations.

SIEM system installation requires numerous crucial stages to be completed

successfully. The first step is to assess the organization's security requirements and
determine the data sources that require monitoring. This includes determining the data
kinds that must be gathered, the frequency of data collection, and the data collecting
techniques. Installing and configuring the data collectors like elastic beats, log
analyzers like Logstash, and alerting mechanisms that make up the SIEM system
comes next after the data sources have been identified (Makris & Χρήστος Μακρής,
2020).

In a Ponemon Institute study, 61% of firms judged SIEM deployment to be difficult

and time-consuming (Mazzarolo & Jurcut, 2019). Due to the complexity of SIEM
deployments, there are an increasing number of professional services engagements to
help with the implementation and tuning of the SIEM because of the lack of skilled
staff and the requirements for customization (Kavanagh et al., 2020).

This project is aimed at creating a graphical user interface (GUI) for the installation of
a SIEM (Elastic Security), which was originally done via a command-line interface
(CLI), to aid usability, reduce dependence on documentation for installation,
configuration, and deployment, and to reduce the overall cost involved in the
deployment of a SIEM.

2.3 OVERVIEW OF SIEM

Dr. Michael Daniel, the former Cybersecurity Coordinator for the United States, said
in a speech at the RSA Conference in 2019,” The expected cost of cyber-attacks to
companies by the year 2024 is estimated to be more than 5 trillion dollars.” Certain
information like personally identifiable information (PII), protected health
7
information (PHI), and personal security information (PSI) are termed protected
information. Protected information is the most compromised type of information, and
their compromise can lead to stolen trade secrets, loss of competitive advantage, and
loss of customer faith in the company’s ability to protect their personal information.
For this reason, a security operation center (SOC) is commonly used by businesses
(Nugraha, 2021).

A SOC (Security Operations Center) is a centralized facility or team tasked with

identifying, analysing, and responding to cybersecurity incidents and threats within a
company. It acts as a command center for protecting the security of computer
networks, data, and information systems, actively trying to ward off threats like illegal
access and security breaches. The SOC combines trained employees, cutting-edge
technologies, and established processes to provide continuous monitoring, incident
response, and threat intelligence analysis. This enables enterprises to successfully
guard against and respond to cyber-attacks (Madani et al., 2011). One of the major
technologies used by a SOC is the Security Information and Event Management
(SIEM) system.

Figure 2.1 Diagrammatic Representation of the Components of a SOC

Keeping an organization’s network secure is of utmost importance. However, because

of the constant interconnection of computer systems, these systems are made

8
vulnerable to multiple threats that increase the chances of violating the basic security
principles: confidentiality, integrity, and availability. Two of the most important risk
mitigation mechanisms in a network are intrusion detection systems (IDS) and
intrusion prevention systems (IPS) (Rao & Mouli, 2021). IDS constantly analyzes the
network traffic and acts accordingly in the instance of a known attack, while IPS takes
all the necessary actions needed to mitigate a recognized security incident
automatically and in real time. The IPS and IDS are suboptimal because of several
disadvantages, hence the creation of the security information and event management
system, which can deal with more complex attacks (Cotenescu, 2016).

SIEM systems are used for data collecting and filtering, threat detection and
categorization, threat analysis, and investigation. SIEM systems can manage resources
to enforce precautions and address potential threats. The main functions of the SIEM
include threat intelligence, vulnerability tracking, vulnerability assessment, log
management, security monitoring, security control, event collection, correlation, and
analysis (Nugraha, 2021).

A Security Information and Event Management (SIEM) system is a software solution

that gives enterprises a centralized picture of their security posture by collecting and
analyzing security data from various sources inside their IT infrastructure. These
sources may consist of system events, network traffic, and log files (Spyridon, 2016).
A SIEM system's main objective is immediately identifying and addressing security
threats. SIEM systems gather information from numerous sources throughout the IT
architecture of a company, analyse it, and then look for potential security concerns.
Then, to find trends and anomalies that might point to a security breach, this data is
correlated and examined. To find potential security vulnerabilities, SIEM systems
combine statistical analysis and rule-based analysis. These regulations can be tailored
to a company's particular requirements and updated as new dangers materialize
(Sekharan & Kandasamy, 2017).

SIEM systems can be set up in several different ways, such as on-premises, in the
cloud, or using a hybrid approach. The on-premises approach involves the IT
department of a firm installing and maintaining on-premises SIEM systems on the
company's servers. On the other hand, cloud based SIEM solutions are hosted by a

9
third-party source and accessed online. Hybrid SIEM solutions blend capabilities
from the cloud and on-premises environments (Cotenescu, 2016).

SIEM can also be classified into open-source and proprietary solutions. A security
system that is created and supplied by a single vendor is known as a proprietary SIEM
(Security Information and Event Management). Typically, real-time threat detection
and response, compliance reporting, and log management are all features of
commercial software solutions. Although proprietary SIEM systems are frequently
more expensive than the open-source competition, they might offer superior features,
capabilities, support, and integration possibilities like User and Entity Behaviour
Analysis (UEBA), Security Orchestration, Automation and Response (SOAR), and
Extended Detection and Response (XDR) (Shoard & Davies, 2022). Splunk, IBM
QRadar, LogRhythm, McAfee Enterprise Security Manager, and ArcSight are some
well-known proprietary SIEM products. Open-Source SIEM (OSSIM) is the most
used software in the world, used by many public and private institutions. OSSIM is a
SIEM solution that is built on open-source software. It offers log management,
compliance reporting, and real-time threat detection and response. Open-source SIEM
solutions can offer a wide range of security features and capabilities, and they are
frequently more affordable than proprietary solutions. Elastic Security, Snort,
Graylog, Wazuh, and Mozilla Défense Platform are examples of open-source SIEM
solutions (Sheeraz et al., 2023).

Experts will always recommend open-source SIEM solutions as a start for any
organization, and most small to medium-sized organizations prefer to use open-source
SIEM solutions as they fulfil most of their requirements, but the same can’t be said
for large enterprises. Although open-source SIEM systems are readily available and
cost-free to deploy, they also need a significant amount of time and effort. Contrarily,
proprietary SIEM systems are pricey but relatively simple to set up, necessitating less
time and labour to be used (Sheeraz et al., 2023).

2.4 SIEM IMPLEMENTATION PROBLEMS

The implementation of SIEM involves careful planning, installation of the hardware

and SIEM components, the configuration of installed SIEM components and testing
the system. According to Sizov and Kirov (2020), the implementation of SIEM which

10
involves installation, configuration, and integration is a process attributed to some
complexity and problems which include a lack of skilled personnel, high
implementation costs, high time involved in SIEM implementation, lack of
automation, inconvenience in performing implementation procedures, and reliance on
the multicomponent documentation. The solution Sizov and Kirov (2022) gave was to
automate the entire procedure for installation and configuration. Sheeraz et al. (2023),
also stated that currently, there is no detailed or well-defined SIEM architecture in
literature, but an effective SIEM must include the following features: real-time
monitoring, Threat intelligence, behavior profiling, data monitoring, user monitoring,
application monitoring, analytics, log management, updates, reporting, detailed
system description, and a Graphical User Interface (GUI).

Detken et al. (2015) in their article on the SIEM approach for a higher level of IT
security in enterprise networks, stated that the type of companies that are more liable
to attacks are small and medium enterprises (SME). The article also stated that in this
SME, the presence of several security components like an anti-virus-system, firewall,
and intrusion detection system, is not enough to recognize and mitigate all attacks if
they are not installed and integrated in a way that the individual components are
combined and correlated with one another (Detken et al., 2015). Detken et al. (2015)
also stated that SIEM systems are expensive and complex to deploy and maintain.

Reasons why SIEM systems are not suitable for use in SMEs according to Detken et
al. (2015) are the high cost of installation and maintenance because new components
of IT infrastructure are to be installed, configured, and maintained, high costs of the
operation due to the necessity of extensive expert knowledge. Detken et al. (2015)
solution to the following problem was found in the Security Information and Event
Management for Small and Medium-sized Enterprises (SIMU SIEM).

SIMU SIEM is characterized by the following non-functional features:

I. Standardized Pre-Configurations: The SIMU system should work with pre-

configured standardized settings. This indicates that the solution is built to
work with frequently employed network topologies. The system can guarantee
interoperability with already-existing network components and lessen the
effort needed for initial setup and configuration by employing these predefined
settings.
11
 II. Partially Automatic Guideline and Configuration Derivation: The ability to
partially automatically derive policies and configurations should be provided
by SIMU SIEM. This indicates that the system can evaluate the network and
its visualization to produce advice and ideas for setting up and running the
system. The goal of SIMU SIEM is to lessen the amount of manual labor
needed for setup, operation, and maintenance by automating some of the
configuration process.
III. Easy-to-Understand Network Visualization: Users can quickly identify and
analyze potential security threats or anomalies within the network through the
visualizations provided by the system, which feature enhances the security
aspect of SIMU SIEM by providing a clear and intuitive representation of
network activities.
IV. Effort Reduction for Configuration, Operation, and Maintenance: The goal of
SIMU SIEM is to minimize the overall effort needed for configuration,
operation, and maintenance chores by utilizing standardized pre-
configurations and automated guideline formulation. This functionality
improves user experience and boosts system management effectiveness,
enabling administrators to better utilize their time and resources.
V. Compatibility with Widely Used Communication Protocols and Data Formats:
Communication protocols and data formats that are widely used and already
exist in standard network components should be supported by SIMU SIEM.
The installation, configuration, and management of extra SIMU components
are made easier by this interoperability. It reduces the need for significant
adjustments or alterations by enabling the system to interface smoothly with
existing network infrastructure.

The overall goals of these non-functional SIMU SIEM elements are simplicity,
effectiveness, security, and compatibility. The goal of SIMU SIEM is to make the
installation, use, and maintenance of a network security management system simpler
while increasing its overall efficacy. It does this by offering standardized
configurations, automated guideline formulation, intuitive visualizations, and
interoperability with current network components (GmbH, 2023).

12
2.5 INTERFACE IN CYBERSECURITY

No fact shows that one interface is better than the other, facts only show that the
choice of interface used is dependent on the users’ ability to perform tasks seamlessly.
A highly usable computer system will make it simple for users to discover
information and will help when required. Also, it will increase productivity, decrease
the volume of support calls, reduce user annoyance, and boost acceptance. It also
assists in identifying and correcting significant design defects, which reduces
expenses for future change, which is frequently expensive (Matras, 2015). The main
advantage that a graphical user interface (GUI) has over the command-line interface
(CLI) is usability which in turn gives way to other advantages including reduced cost,
adaptation to users’ tasks and environment, accommodating users’ needs, and aiding
user acceptance. Andrews (2021) conducted research on comparative analysis of
interface usability for cybersecurity, and one of the focuses of his research was to
discover the benefits and drawbacks users recognized in both the graphical user
interface and command-line interface approach to cybersecurity. From his research, he
deduced that most participants said that the graphical user interface was easier and
provided a more beginner-friendly experience. Some other participants that still
preferred the GUI over the CLI said that the CLI gives the user more flexibility than
the GUI could not provide. In conclusion, the majority of the participants preferred
the graphical user interface approach over the command-line interface approach. This
project aims to create a graphical user interface that makes the integration of SIEM
tools easier, especially for beginners or people that are not all that familiar with the
system.

2.5.1 Review of command line interface

Command Line Interface (CLI) is a commonly used term in the field of computer
science and software development used in place of Terminal-based applications.
Terminal-based applications are applications that receive commands from the user in
the form of lines of text written in the terminal, console, or shell e.g., git, vim, etc.
The first attempt at a terminal-based application was the creation of the command-line
interface. The first command-line interface was the creation of the Compatible-Time
sharing system (CTSS), which was created in the early 1960s. This was a precursor
for the modern shell which birthed the UNIX operating system later in the year 1969

13
in Bell Laboratories by Ken Thompson (Raymond 2003). Kaye (2012) said that the
first attempt at a terminal was the creation of an electromechanical device called the
Teletypewriter (TTY), which was a typewriter that entered data into a computing
system. It was also referred to as a dumb terminal. Other terminals that have been
created are the Bourne again shell (BASH), Multics Time Sharing Operating System,
RUNCOM, and Korn shell (KSH) (Robbins, 2005).

The command-line interface has been modified over time. The original UNIX v6
created by Thompson was only created to invoke commands and view results, while
the Bourne shell created in 1977 was created to interactively execute commands for
the operating system, and scripting. The Bourne shell also introduced control flow,
loops, and variables (Lhotka, 2007). The command-line interface is preferred above
other interfaces because it requires less memory, it is the fastest and most efficient
type of interface, it is highly precise and it requires few system resources, it is also
helpful in automating repetitive tasks, and it helps to perform certain tasks that are not
available while using other interfaces because the tasks are system protected
(Voronkov et al., 2019a). It also has its negative aspects which include having a steep
learning curve, it doesn’t provide feedback, it relies heavily on commands which can
be prone to human errors and there is no way to undo them, and it is confusing and
requiring a certain level of expertise and familiarity to manipulate effectively
(Voronkov et al., 2019).

From the negative aspects, we can see that the command-line interface’s major issue
is human-computer interaction. One major attribute of good software is usability.
Usability relates to how the system interacts with the user and it includes five major
attributes namely learnability, user retention over time, efficiency, error rate, and
satisfaction over time (Gopaluni et al., 2019). According to ISO 9241 (2019), The
degree to which a product may be used by specific users to achieve specific goals
with effectiveness, efficiency, and satisfaction in a specific context of usage is known
as usability. Since the creation of the first mouse in 1962, GUI has been centered on
creating an interface easy to use, where the interface is manipulated based on
recognition rather than retention of some commands. Adam Powell (1997) also made
it clear that previous computers using only a command-line interface weren’t
comfortable for use by the user. He also went ahead to say that the comfortable

14
environment of the GUI made personal computers attractive to the average person
thereby leading to an increase in the sale of personal computers.

Figure 2.2 Diagram of a Command Line Interface

2.5.2 Review of the Graphical User Interface

Adam Powell (1997) defined the graphical user interface as a computer interface that
displays icons for folders, program names, and recycle bins to make it simple for you
to navigate through your desktop and programs. You can even use a mouse thanks to
it. The graphical user interface (GUI) is sometimes pronounced as “gooey”. Since the
creation of the mouse in 1962 and the creation of the NLS (oNline System) in 1968,
the GUI has been around but not available to the public for use GUI was first a thesis
written by Raskin on WYSIWYG (what you see is what you get) graphical interface
back in 1967. The first real-life usable GUI was Xerox’s Alto computer which
debuted in 1974, but the first GUI personal computer available to the public was the
Apple Lisa created by Steve Jobs and Steve Wozniak in 1979 After this the next big
change in GUI was the creation of the Apple’s Macintosh in 1984 (tuck, 2001).

The graphical user interface eliminates the need to remember and input lengthy
stretches of code to do specific operations. The graphical user interface, which
consists of windows, icons, menus, and pointers, has taken the place of these codes.
Users interact with the GUI by using a mouse or another pointer, such as a light pen,

15
to choose the icons they need. Drivers translate these straightforward human actions
into machine language that the computer can comprehend (Johnson, 2023).

While a command-line interface gives you more freedom and is essentially just a
predefined set of instructions that are executed when you click an icon, a graphical
user interface (GUI) might be perceived as stiff. GUIs require more power than
command-line interfaces because they need to provide a variety of graphics and
human-computer interface (HCI) functions. As a result, they process information
much more slowly than command-line interfaces. Because every component of a GUI
needs to be conceived, planned, implemented, and tested, GUI development and
implementation take a long time (Johnson, 2023).

Figure 2.3 Diagram of a Graphical User Interface

2.6 REVIEW OF EXISTING SYSTEMS

The purpose of this study, the methods used for it, and a critical examination of
pertinent literature are discussed in this part. It includes a review of graphical user
interfaces created from already existing command-line interface functionalities used
for various purposes with relevant architectures and frameworks for this work,
followed by a review of graphical user interfaces used for information security created

16
from already existing command-line interface functionalities. This chapter acts as a
reference for the software development process employed in this project.

2.6.1 GITKRAKEN

The Linux operating system Kernel was developed by Linus Torvalds in April of
2005, Git is a Distributed Version Control System (DVSC) that monitors changes
made to any collection of computer files. It is typically used to manage collaboration
among programmers working on the source code during software development (Arndt
et al., 2019). After the relationship between the group that created the Linux terminal
and the business that created BitKeeper broke down and BitKeeper's free-of-charge
status was revoked, the Linux community made the decision to develop their own tool
based on the lessons they learned from using BitKeeper, including its speed,
simplicity, fully distributed nature, strong support for non-linear development, and
capability to handle large projects like the Linux kernel in particular. (Git - a Short
History of Git, n.d.).

Git is primarily used or managed on the command line. Some advantages of Git GUI
over its CLI, include speed, implicit visualization, the lack of Git logs, and simpler
merging conflict resolutions. GitKraken is one of the GUIs for Git (Kettner & Geisler,
2022). Axosoft's GitKraken is a potent graphical user interface for Git that was
constructed on top of the Electron framework. It was created as an alternative to the
Git command line and is a cross-platform graphical user interface that developers can
use on Windows, Linux, and Mac (Tsitoara, 2019). In the creator of GitKraken Hamid
Shojaee words, “…virtually every Git command is simply easier to do in GitKraken.
Whether you are making a commit, opening a pull request, branching, merging, or
having merge conflicts, it’s easier to take these actions inside of GitKraken than on
the CLI” (Schiemann, 2019). According to Arndt et al., (2019), Git can be difficult to
learn (steep learning curve), especially for new users, from creating branches to
manipulating branches. GitKraken solves this with its user-friendly interface which
makes the creation and manipulation of branches and commits easy.

As stated earlier, GitKraken was created on the Electron framework. Electron is an

open-source framework that helps in the creation of cross-platform desktop
applications that can work on Mac, Windows, Ios, Android, and Linux operating

17
systems. Desktop applications built from the Electron framework act like web apps,
but they can read and record data in a computer file system. Applications made with
the Electron framework have a few shortcomings like resource hogging, where the
applications take up a lot of system resources while in use such as RAM (random
access memory), and it is large in size, majorly because it has its version of chromium
which could be as large as an operating system. Using the Electron framework to
make applications has a lot of benefits like high data security, this is because it stores
most of its data locally. It is also a reusable framework since the same codebase can
be used for both web and desktop applications. Another benefit is it makes
applications created with it easier to manage and it reduces the time and other
expenses incurred during the development process (Jasim, 2017).

Figure 2.4 Diagram Showing the Interface of Gitkraken

2.6.2 ZENMAP

Nmap was originally mentioned on September 1, 1997, in Fyodor's essay in Phrack

magazine issue 51. (Fyodor, 1997). The free and open-source tool Nmap, short for
"network mapper," is used for network discovery, security audits, network inventory,
managing service upgrade schedules, and keeping track of host or service uptime.
Nmap uses cutting-edge techniques that make use of raw IP packets to determine
which hosts are present on the network, what services (application name and version)
those hosts are offering, what operating systems (and OS versions) they are running,
what kinds of packet filters/firewalls are in use, and dozens of other characteristics.
Although it was designed to swiftly scan huge networks, it performs effectively

18
against single hosts. Nmap is available in official binary packages for Linux,
Windows, and Mac OS X and is compatible with all widely used computer operating
systems. Nmap is written in C, C++, Python, and Lua (Nmap, 2017).

Gordon Lyon, popularly known as "Fyodor," developed Nmap to give network

managers, security experts, and penetration testers a tool for examining and mapping
computer networks. Nmap was created by Fyodor to assist with security auditing and
vulnerability assessment, host and service identification, and general network
administration. It was built to answer the demand for a trustworthy and
comprehensive tool that could help users comprehend the layout and security posture
of a network, discover potential vulnerabilities, and identify potential security threats
(Orebaugh & Pinkard, 2011).

Nmap is typically used as a UNIX tool that runs from the command line. As
command-line-based apps have an advantage over batch scripts, this is how it was
originally designed. The GUI versions of Nmap have been more and more popular in
recent years as a result of the urgency around federal regulations and international,
state, and local laws. In order to detect and track things like open ports and service
types in their infrastructures, data security, and more firms have been compelled to do
so. Using a GUI in the front end of the application is a convenient way for people who
are new to these security jobs to understand how Nmap functions and acquire more
sophisticated usage strategies. The increase in worm-based vulnerabilities, which
started around 1999–2000, was another factor driving more techies to Nmap and GUI-
based versions of Nmap. On a network, locating infected machines becomes difficult.
Nmap saved the day by providing a reliable tool. History has shown that they have
been several renditions of the Nmap GUI, like Nmapwin, Ncrack, NmapFE, and,
NmapNT, but all have been replaced by ZENMAP in November 2007 (Orebaugh &
Pinkard, 2011). ZENMAP was built to enhance the usability of the NMAP interface l

The official Nmap Security Scanner GUI is called Zenmap. It is a free and open-
source application that runs on multiple platforms (Red Hat Enterprise Linux, Ubuntu,
Windows, Mac OS X, OpenBSD, etc.) and strives to make Nmap simple to use for
newcomers while giving complex functionality to Nmap veterans. Zenmap was
originally derived from Adriano Monterio Marques Umit, an Nmap GUI created

19
during the Google-sponsored Nmap summer of code in 2005 and 2006 (Nmap, 2017).
Zenmap wasn’t created to replace Nmap but to make it more useful. Some advantages
Zenmap has over plain Nmap are interactive and graphical result viewing,
comparison, convenience, repeatability, and discoverability (Lyon 2008). The Python
programming language was used to create Zenmap, a multi-platform graphical Nmap
frontend and results viewer, while the GTK Toolkit was used to create the interface.

GTK Toolkit or GNU Manipulation Program (GIMP) is a free and open-source cross-
platform widget API for creating Graphical User Interfaces (GUIs), created in 1996.
GTK Toolkit as a powerful and flexible GUI Toolkit has certain advantages. It is a
cross-platform toolkit that runs on various operating systems, including Linux,
Windows, and macOS. It has the support of a very large and active community that
provide extensive resources for learning, troubleshooting, and getting help. It provides
language bindings for several popular programming languages including C, C++,
Python, and Rust. It has a rich set of widgets that are used to create complex and
interactive user interfaces. GTK Toolkit also has its shortcomings. GTK being object-
oriented and written in c makes it harder to learn in comparison to other GUI toolkits,
and it lacks support for mobile development such as Android and iOS (Williams,
2019).

Figure 2.5 Diagram Showing the Interface of Zenmap

20
2.6.3 ARMITAGE

Metasploit is an open-source Framework or tool for creating, testing, and running

exploit code against computer systems, networks, and software applications (Singh,
2019). Large portions of code may be reused across numerous exploits thanks to
Metasploit, which was initially a collection of exploits. It comprised a number of parts
written in C, assembly, and Python and was initially written in the scripting language
Perl. H.D. Moore first developed Metasploit in 2003, and it has since grown to be one
of the most well-liked and effective penetration testing tools in the cybersecurity
world. It has been rewritten in Ruby and offers both a graphical user interface (GUI)
named Armitage and a command-line interface (CLI), making it usable by both
technical and non-technical users. Metasploit has certain limitations. it lacks exploits
for web-based vulnerabilities such as SQL injection, and cross-site scripting (XXS),
and it lacks reporting capabilities that could give the tester a comprehensive report on
the exploits and vulnerabilities discovered, and it has a steep learning curve,
especially for users who are not familiar with the command-line interface (Maynor,
2011).

By offering a user-friendly and aesthetically pleasing interface for managing and

coordinating penetration testing activities using Metasploit, Armitage was created to
address this problem. It was designed to make Metasploit more approachable for non-
technical users or those who prefer a graphical user interface by enabling them to
interact with Metasploit using a point-and-click method rather than having to learn
complicated command-line syntax (Morales-Gonzalez et al., 2023). Armitage is a
GUI that acts as an attack manager for Metasploit written in Java (Rahalkar & Jaswal,
2017). It has functionality for managing targets and vulnerabilities, automating
attacks, teaming up and collaborating, visualizing and mapping, reporting and
documenting, and using extra auxiliary tools not provided by Metasploit. Moreover,
Armitage offers flexibility and customization possibilities, enabling users to alter
settings, personalize the user interface, and add plugins to expand its usefulness
(Engebretson, 2013).

Java is a simple, efficient, general-purpose programming language that was developed

by Sun Microsystem in the1990s. Originally the Java programming language was

21
used primarily for internet-based applications and designed for embedded network
applications running on multiple platforms. As long as a computer has the Java
interpreter, any Java program will execute identically on that machine regardless of
hardware specifications or operating system, making it incredibly portable and usable
on a variety of operating systems. Java contains a number of security mechanisms that
guard computers running Java programs against malicious software and incorrect
code. Due to the fact that its source code is first compiled into binary byte code that is
then executed by the Java Virtual Machine (JVM), Java is both a compiled and an
interpreted language. The ability of Java to turn source code to byte-code gives it its
portability feature because any Java program can run on any operating system that has
a Java Virtua Machine (JVM) installed on it. In comparison to C++, java codes
execute slower. It also takes up a lot of memory and is extremely verbose (Austerlitz,
2003).

Figure 2.6 Diagram Showing the Interface of Armitage

2.6.4 WINSCP

The first file transfer mechanism was proposed in 1971. It was developed for
implementation on hosts at M.I.T. Later on, the File Transfer Protocol (FTP) was now
defined as a protocol for file transfer between hosts on the ARPANET. Its main
purpose was to transport files between hosts efficiently and reliably while also

22
enabling remote file storage (Postel & Reynolds, 1985). FTP doesn’t require special
data encoding to the 7-bit form because it is an *-bit protocol. Two TCP ports are
used by FTP for connection. TCP ports 20 and 21 are used for data transfer and
conversation, respectively, between a client and a server. FTP can be used directly
from a terminal, but all its terminal functions have been abstracted to a few points and
clicks. FTP can be transmitted via block mode, streaming mode, or compressed mode.
Files can also be transmitted using the Ascii mode, which uses the standard 8-bit
ASCII to transfer text files, and the binary mode, which sends binary files bit by bit.
FTP is sent as a string of unencrypted characters specifying the commands. This mode
of transferring data is risky because the username and password sent over the network
are unencrypted and can be intercepted (pl, n.d.).

Transmission of data over a network using FTP is not secure and advisable. Because
of this security issue secure file-sharing techniques have been made. Data can be
transmitted securely either over a Virtual Private Network (VPN) or by using Secure
Shell (SSH). SSH is associated with TCP port 22. It provides a set of standards and
associated network protocols to establish a secure connection between endpoints
transmitting data across a media whose security is not guaranteed (such as the
internet). SSH makes use of public key cryptography and message authentication.
SSH was originally intended for secure system administration on UNIX servers in
1995. Major SSH protocols for securely transferring data are secure file transfer
protocol (SFTP and FTPS) and secure copy (SCP) (Realtimepublishers.com, 2007).
FTPS is the transfer of files within an SSH session. In FTPS the data isn’t encrypted
but it is passed through a secure channel. The difference between SFTP and FTPS is
that SFTP encrypts the data during transmission. SCP transfers data through an SSH
connection, but it differs from FTPS by encrypting the authentication and other traffic
(Jones & Realtimepublishers.com, 2009).

WinSCP was created by Martin Prikryl in March 2000, while he was working at the
IT department of the University of Economics in Prague. The concept of WinSCP
came from Jan Havlicek, and it is the first GUI file transfer client for SSH ever.
WinSCP is a file manager and free, open-source SFTP, FTP, WebDAV, S3, and SCP
client for Windows. Its main function is file transfers between nearby and distant
computers. In addition, WinSCP has basic file manager functionality and scripting

23
(Prikryl., n.d.). WinSCP is a graphical user interface (GUI) for transferring files and
managing remote files on servers written in C++. WinSCP provides secure file
transfer, and transmission automation through its built-in scripting interface, and
protocol support like SCP, FTPS, and SFTP (Pleshkova & Panchev, 2021). WinSCP
is designed to run on the Windows operating system, and it utilizes the Microsoft
Foundation Classes (MFC). WinSCP being designed for Windows doesn’t hinder it
from connecting to remote servers running different operating systems like Unix,
Linux, and macOS (Hitchcock, 2022).

As an expansion of the C programming language, C++ is a robust, all-purpose,

statically typed computer language. System-level programming, embedded systems,
game development, high-performance computing, and other tasks requiring quick and
low-level access to computer hardware all make extensive use of C++. Templates,
manual memory management, a robust standard library, compatibility with other
languages, and platform portability are just a few of the advantages that C++ offers.
But, C++ also has a more difficult learning curve and demands close attention to
memory management. C++ is a compiled language that can make C++ code
platform-dependent. C++ accepts cross-platform libraries like Qt, Boost, and Poco
(Lospinoso, 2019).

Figure 2.7 Diagram Showing the Interface of WINSCP

24
2.7 ELASTIC SECURITY

According to Mulyadi et al. (2020), Elastic security is a collection of security

products that help organizations to detect and respond to security threats. The
collection of security products has several features like endpoint security, threat
hunting, and SIEM. The Elastic Security platform which is built on the Elastic Stack
(ELK) is a good choice for organizations, given the fact that it is open-source and free
as well as its flexible and scalable design.

Elastic Security is made up of five major components namely:

I. Elasticsearch: This is seen as a distributed search and analytics engine that

stores and indexes data. At the heart of the Elastic Stack, Elasticsearch stores
and searches large amounts of data and performs log and business analytics.
II. Kibana: This is the data visualization tool that provides a user interface for the
analysis of data stored in Elasticsearch. It is a key component of the elastic
stack and is used to create dashboards and visualizations, to aid users
understand and explore their data. Kibana’s visualizations could be in many
forms including bar charts, line charts, heat maps, and many more.
III. Logstash: This is a data processing pipeline that ingests data from multiple
sources and ships it to Elasticsearch. Its main functions are the collection,
parsing, and transformation of data such as logs, metrics, and other types of
data from multiple sources. It is sometimes used to filter and enrich data
before forwarding it to Elasticsearch.
IV. Beats: This is seen as a lightweight data collection agent. It collects data from
endpoints like servers, workstations, and mobile devices. There are several
types of beats including Filebeat, which is used to collect log data, Metricbeat,
which is used to collect system and application metrics, Auditbeat, which is
used to collect audit data, Heartbeat, which is used to collect uptime
monitoring data, Packetbeat, which is used to collect network data, and
Winlogbeat, which is used to collect windows event logs.
V. Elastic SIEM: This Security Information and Event Management solution
provides threat detection, incident response, and compliance management

25
 features. As a key element of Elastic Security, it helps to monitor and analyze
security-related events.

2.8 GUI DESIGN PRINCIPLES

According to Farhan et al. (2019), GUI design principles are a collection of standards
that assist designers develop interfaces that are simple to use, aesthetically pleasant,
and functional. These recommendations, which are based on studies in psychology
and human-computer interaction, are intended to assist designers in producing
interfaces that are simple, effective, and efficient.

Consistency, simplicity, feedback, compatibility, comprehensibility, and memorability

are some essential criteria that effective GUI design adheres to. Consistency is the
usage of the same visual components, layout, and navigation throughout the product
to provide users with a sense of predictability and comfort. To keep an interface
simple, extraneous complexity and clutter must be removed, leaving only the core
features and information. Feedback is the act of alerting users of the status and results
of their interactions in a clear and timely manner in response to their activities. For an
interface to be considered compatible, it must function effectively across a variety of
platforms, devices, and user preferences while also adapting to various circumstances
and contexts. By employing simple language, labels, and directions, the interface
must be easy to comprehend and learn. Memorability is a useful GUI characteristic
that helps users remember how to utilize an interface after they have interacted with
it. Consistent design patterns and visual cues that help the user navigate the interface
are used to achieve this. Additionally, making labels and instructions clear and
succinct might aid users in remembering how to complete specific actions inside the
interface (Farhan et al., 2019).

One of the major pitfalls of User-centered design is technology-centered design.

Technology-centered design is a method of creating interfaces that put the use of
cutting-edge technologies ahead of the requirements and actions of the user. This
method frequently places more emphasis on the technology's capabilities than on the
user's objectives and preferences (Endsley, 2016).

26
Endsley (2016) describes user-centered design as a strategy for creating user
interfaces that are focused on the requirements and behaviours of the user. In this
method, user goals, tasks, and preferences are understood to create interfaces that are
suitable for their requirements. User research, usability testing, and prototyping are a
few examples of strategies used in user-centered design to incorporate users in the
design process. Designers may produce interfaces that are more effective, efficient,
and enjoyable to use by concentrating on the demands of the user. This strategy can
assist in lessening annoyance and boost output, which will ultimately improve the
user experience.

Effective GUI design for system administration should be aesthetically pleasing, user-
friendly, and efficient, according to Gupta (2015). The study discovered that a user-
friendly GUI design should have a contemporary, clean aesthetic. The user's needs
and tasks should be prioritized in the GUI's design. The authors recommended that the
GUI be created with a straightforward layout that is simple to use. Efficiency in GUI
design is crucial, and activities should be completed with the fewest possible clicks,
according to the study's findings. The authors recommended that the GUI be
developed to give users feedback and assist them in understanding how the system is
reacting to their actions. According to the study's findings overall, an efficient, user-
friendly, and visually appealing GUI design for system administration should be
centered on the needs and tasks of the user.

2.9 EVALUATION AND TESTING

According to Gonçalves and Campos (2017), the various methods of evaluation are
user experience evaluation, usability testing, cognitive walkthrough, and heuristic
evaluation. Heuristic evaluation is described as a usability assessment technique in
which evaluators examine a software interface using a collection of established
usability guidelines or heuristics. Cognitive walkthrough is a usability evaluation
method that uses user task simulation and software interface walkthrough to identify
usability flaws. In usability testing, users are chosen to use the program and complete
tasks while their interactions are recorded. As part of the usability testing process
known as "user experience evaluation," surveys or interviews are used to gather
feedback and opinions from users about the program. There is no evaluation method
that is the most effective as the effectiveness of each evaluation technique is

27
dependent on the goals and context of the evaluation. A combination of evaluation
techniques can provide a more holistic evaluation of the GUI design (Gonçalves &
Campos, 2017). I will be using the usability Testing approach to evaluate my project
work.

CHAPTER THREE

3SYSTEM ANALYSIS AND DESIGN

3.1 PREAMBLE

This chapter provides a thorough evaluation of the project's planning and design,
which is named "Creation of a GUI for the Implementation of Elastic Security Using
Electron framework." In this chapter, we explore the many facets of system analysis
and design, emphasizing use case, sequence, and activity diagram generation, as well
as the identification and specification of functional and non-functional requirements.

3.2 REQUIREMENT ANALYSIS

The purpose of requirement analysis is to provide a clear knowledge of what the

software system should be able to do, what features and functionalities it should have,
and how it should operate. It includes locating and recording user needs, corporate
goals, limitations, and any other pertinent elements that might affect the creation of
the software system. Functional and non-functional requirements are the two main
categories of software requirements. The next paragraph goes into further information
about the project's requirements.

Functional and non-functional requirements are the two main categories of software
requirements. The next paragraph goes into further information about the project's
requirements.

28
3.2.1 Functional Requirements

Functional requirements are specifications that list the functions and behaviors that a
software system or product must have in order to work properly. These requirements
describe the planned activities of the system and specify how it ought to react to
various inputs and user interactions. The functionality of the system and its capacity
to carry out particular activities or actions are the main subjects of functional
requirements.

The system's functional requirements are as follows:

I. The user shall be able to select between a single-node ELK server

implementation or a multi-node ELK server implementation.
II. The user shall be able to install the main components of the ELK server
namely Elasticsearch, Kibana, and Logstash.
III. The user shall be able to select which of the sub-components should be
installed.
IV. The user shall be able to start and stop all the ELK server components.
V. The user shall be able to create an ELK server cluster.
VI. The user shall be able to join an existing cluster.
VII. The user shall be able to create CA HTTP and SSL certificates.

3.2.2 Non-functional Requirements

Non-functional requirements establish the traits or characteristics of a software system

or solution. They are often referred to as quality attributes or system attributes. Non-
functional requirements, in contrast to functional requirements, explain how the
system should function, behave, or be organized. These specifications are necessary to
guarantee a system's overall quality, performance, usability, and maintainability.

The system’s non-functional requirements are as follows:

I. The tool shall use SSL certificates to protect data generated on each node.
II. The tool shall maintain a simple and easily usable interface for users.
III. The tool should be compatible with multiple operating systems.
IV. The tool should follow all the necessary data protection guidelines and
regulations.

29
 V. The tool should give the user feedback before and after any action that will
directly affect the system takes place.
VI. The tool shall give the user progress reports on the state of their installations
or configurations.
VII. The tool should be easily maintained.

3.3 SYSTEM ARCHITECTURE

Systems architecture is the term used to describe the high-level planning and
arrangement of the parts, subsystems, and interactions that make up a system. In order
for the system to perform as planned, it defines the structure, behaviour, and
relationships between its constituent parts.

The Tool is divided into three layers namely the presentation layer, the application
layer, and the data layer. The presentation layer consists of the GUI interface which
enables the user to interact with the system. The GUI interface accepts the user input
and displays information, allowing users to select options, configure settings, and
view the status of components.

The application layer consists of an installation manager which handles the

installation of the Java JDK, all the main components of the elastic stack
(Elasticsearch, Kibana, Logstash), and the optional elastic beats. It manages the
download, extraction, and installation of the required packages. It also consists of a
configuration manager which handles the configuration of the main elastic
components to ensure the proper working of the system. An integration manager is
also found here to handle the installation of elastic beats and forward specific data
types to the elastic stack.

The Data layer includes configuration and integration settings for the elastic stack
components and elastic beats, which are stored in a YAML file on the servers where
each component is present.

30
 Figure 3.8 System Architecture of the Proposed System

3.4 SYSTEM DESIGN

System design is the process of defining a system's precise specifications and

properties in accordance with the needs discovered during the system analysis stage.
It entails translating the requirements and high-level system architecture into a
tangible and implementable design.

3.4.1 LOGICAL DESIGN

A logical design is a conceptual representation of a system or application that does not

take into account specific implementation details. It emphasizes on the structure,
interactions, and functional features of the system's parts. The logical design of this
security tool is described using a data flow diagram.

3.4.2 DATA FLOW DIAGRAM

A data flow diagram (DFD) shows how data moves visually within a system or
application. This diagram demonstrates how data moves from its source to its
destination through a number of steps. DFDs are frequently used in system analysis
and design to visualize information flow and comprehend interactions between
various system components. In this diagram, various system components, such as
processes and external entities, are represented by various symbols and notations.

31
 Figure 3.9 Data Flow Diagram

3.5 PHYSICAL DESIGN

Physical design entails producing visual representations of a system's actual

operations, from input and validation to output. By detailing the particular
actions/functions that the system may execute and how they are operated, it describes
the system's operations. This stage of design takes the user into account and aids in
providing a comprehensive picture of the functionality of the system.

3.5.1 USE CASE DIAGRAM

A use case diagram is a visual representation of the interactions between users (actors)
and a system. It demonstrates the numerous ways users engage with the system to
carry out tasks or achieve particular objectives. Actors use cases, and their
connections are depicted in the diagram. Use cases describe system functionalities,
whereas actors represent users or external systems. The connections show how actors
and use cases are linked and dependent on one another. Use case diagrams can be
used to summarize system behavior, identify user roles, and record and explain the
system's functions.

32
 Figure 3.10 Use Case Diagram

Table 3.1 Summarised Use Case Narrative

Use Case 1 Create

Brief A user can implement the Elastic SIEM

Description
Actor User

Trigger The user opens the desktop application.

Parameters IP address, Hostname, Version history.

Pre-Conditions Must be using a CentOS or Ubuntu linux distribution.

Post-Conditions User successfully implements the Elastic Security.
(success end)

33
 Post-Conditions Not enough space
(failure end)
User not using a CentOS or Ubuntu Linux distribution

Event Flow Actor Action System Response

User selects setup on the The system displays tells the user to
dashboard page pick from single or multiple server
implementation
User picks the version of the The system prompts the user to install,
Elastic Security system to be and configure all main components,
installed and gives the user options on the sub-
components to be integrated.
The user then proceeds to the The system displays a status of each
dashboard, showing all the service started or stopped as well as
components installed, and basic information of the cluster the
options to start and stop the Elastic Security system is operating on.
services

3.5.2 ACTIVITY DIAGRAM

An activity diagram is a graphic representation of how a system's activities or

processes move. It illustrates the decision points, parallel activities, and sequential
steps necessary to accomplish a particular objective. Activity diagrams are frequently
used to represent system behaviors, software workflows, and business processes.
Nodes representing activities, transitions showing the flow between activities, and
decision points or branches for parallel or conditional flows make up the diagram.
Visualizing the sequence of events, the factors influencing the flow, and the
synchronization of concurrent actions is helpful. Activity diagrams can be used to
clarify complex processes, locate bottlenecks or inefficiencies, and verify the logic
behind system behavior.

34
 Figure 3.11 Activity Diagram

3.5.3 SEQUENCE DIAGRAM

A sequence diagram is a sort of UML (Unified Modeling Language) diagram that

shows the interactions and timing of messages transmitted between objects or
components in a system. It illustrates the progression of events and the order of
operations that take place throughout a specific scenario or use case.

35
Figure 3.12 Sequence Diagram

36
 CHAPTER FOUR

4SYSTEM IMPLEMENTATION

4.1 PREAMBLE

This chapter details the graphical user interface (GUI) designed for the efficient
implementation of Elastic security. This chapter's objective is to give a thorough
overview of the technical issues related to the creation and implementation of the
GUI, stressing the essential features and functionalities that improve the efficiency
and usefulness of elastic security.

The project's implementation phase involves turning the design and specifications
from the earlier chapters into a fully functional software system. The main goal was to
develop a GUI that is simple to use and intuitive so that security professionals can
effectively implement the Elastic security framework. The GUI intended to create a
strong and adaptable solution that streamlines the implementation process and
optimizes the potential of elastic security by utilizing contemporary software
development methodologies and frameworks.

4.2 SYSTEM REQUIREMENTS

System requirements refer to the specific functionalities, performance characteristics,

and constraints that a software system must meet in order to satisfy the needs and
expectations of its users. These requirements are the minimum software and hardware
that must be available to run the application. The software requirements and hardware
deployment requirements are depicted below in Table 4.1 and Table 4.2 respectively.

Table 4.2 Software Requirements

Requirement Software
Operating system CentOS 7, Ubuntu, Parrot OS
Minimum JDK version Oracle JDK version 1.8.0_25 or higher
Development Tool Visual Studio Code, Electron Fiddle,
Google Cloud Platform, Figma, Vim,

37
 Nodejs
Programming Language HTML, CSS, Java Script, Bash
Elasticsearch version Elasticsearch version 7.x and higher
Ubuntu Version Ubuntu 18.04 and higher
ParrotOS Version
Electron Version Electron 14.x and higher
Node.js Version Node.js Version 16.0.0 and higher
Parrot OS Version Parrot OS 4.5 and higher

Table 4.3 Hardware Requirements

Minimum Requirements
4 GB RAM
250 MB of free disk space
1024x768 pixels

4.3 THE IMPLEMENTATION TOOLS USED

My developed my graphical user interface using several implementation tools, and

these tools where essential to the entire development process.

The User Interface and User Experience of the Graphical User Interface was designed
on Figma, which is a cloud-based tool used for design and prototyping user interfaces,
application designs, and other visual designs.

38
 Figure 4.13 Figma

The design created on Figma was converted to a web application on Visual Studio
Code with the use of HTML, CSS, and JavaScript. I used Visual Studio Code not just
for codding, but for file management and debugging. Visual Studio Code also has
several extensions and plugins which made development easier, improved
productivity, and my overall development experience.

Figure 4.14 Visual Studio Code

39
Vim which stands for Vi Improved is an enhanced version of the original Vi text
editor. Created as a part of the Unix operating system for editing, searching, and
managing files, I made use of Vim in my google cloud platform for writing and
editing my bash scripts. Because of the Google Cloud Platform environment and the
presence, it was easier for me to create, test, and edit my bash scripts.

Figure 4.15 Vim

My exported scripts, together with my web application where combined in electron

fiddle, which run on node.js, to make a cross platform desktop application. Electron
fiddle helped in simplifying the process of development and testing by providing an
integrated environment.

40
 Figure 4.16 Electron JS

I was able to create a Graphical User Interface using all these resources.

4.4 SOFTWARE DEVELOPMENT METHODOLOGY

Software development methodology describes a structured process or framework for

organizing, managing risks, designing, creating, and delivering software applications.
It offers a structured method for controlling the entire software development lifecycle,
from gathering requirements to design to coding to testing to deployment.

Some of the methods used in software development are waterfall, agile, kanban and
lean. I made use of the agile development methodology for the creation of my
interface. Agile development technique is an iterative and adaptable approach to
software development. It emphasizes providing usable software in less time and
encourages teamwork, flexibility, and responsiveness to change.

Agile, with it’s iterative and collaborative nature, provided several advantages:

I. Flexibility: According to Agile Manifesto (2001), agile process welcomes

changing requirements, even late in development, thereby harnessing change
for the customer’s competitive advantage.

41
 II. Iterative development: Agile methodology focuses on delivering incremental
value in every sprint, which allowed me to adapt changes based on feedback
and validation to improve my interface incrementally throughout the
development process.
III. Continuous Improvement: Agile methodologies allows a culture of continuous
improvement. Through feedback after every sprint, I had the opportunity to
reflect on the entire development process to identify areas for improvement,
and make adjustments to enhance the efficiency and effectiveness of the GUI
interface development.

4.5 SYSTEM MODULES AND INTERFACES

Interfaces and system modules are crucial elements in software engineering that
support a system's modular design and efficient communication. Modules enable code
reuse, maintainability, and autonomous development by acting as functionally
separate, self-contained entities. Developers can concentrate on certain components
by segmenting the system into modules based on functional boundaries, which makes
the system simpler to comprehend, test, and alter. The interaction and sharing of
information between modules is made possible via interfaces, which define the
agreements and communication protocols between them. They give modules a
standardized means of communication, ensuring compatibility and enabling the
seamless integration of various parts. Interfaces enable modules to be changed or
removed without affecting the rest by separating a module's implementation details
from how it is used. As modules may be developed, tested, and debugged
independently, this encourages collaboration, scalability, and ease of testing,
improving the overall quality and maintainability of the software system.

This section details the interfaces used for data exchange and communication among
the system's many components and shows how users interact with the interface.

There is only one user for the interface, and this user can be any of a the following:
security analyst, security operations center team, network administrators, and IT
managers.

42
4.5.1 The dashboard Module

The purpose of the dashboard is to give users a high-level overview of the systems
services, as well as show the user details of the server. The dashboard consists of a list
of services as well as their status, and buttons to start and stop each of the services. It
also gives details about the server like the cluster name, cluster id, and number of
nodes present.

Figure 4.17 Dashboard of the Security Tool

4.5.2 The Notification and Feedback Module

The notification and feedback module typically focuses on handling user

notifications, feedback, and system interactions. It includes functionality such as
managing user preferences and handling user requests.

Figure 4.18 JDK Notification interface

43
 Figure 4.19 JDK Feedback Interface

4.5.3 The Installation Module

The installation module refers to a component within a system software that handles
the installation process of the software or software components on a user’s system. It
includes an installation wizard, file and dependency management, configuration setup,
pre-installation checks, license Agreement and activation.

Figure 4.20 Elasticsearch Installation Interface

44
4.6 SYSTEM EVALUATION

A team of 30 potential users were put together to perform an evaluation based on the
usability and user experience of Summify. Each user was allowed to navigate the
application and generate a summary successfully with the system.

A questionnaire was given to each potential user using the Google Forms platform.
The form consisted of ten questions each of which were answered on a 5-point scale
bar. The questions were modelled employing the System Usability Scale (SUS). The
evaluation questions and the results of this evaluation exercise were as follows:

i. I would like to use this web app frequently.

The potential users were asked if they would use this web app again. Of the 30 users,
36.7% indicated they strongly agree that they would surely revisit the web app to
make use of it and that is terrific. 63.3% indicated that 36.7% indicated they agree to
make use of the web app again. The result is shown in Figure 4.4.

Figure 4.21: Evaluation Question 1 Result

ii. I found the web app unnecessarily complex.

The assessors of the system were asked if they found the web application
unnecessarily complex. 10% were neutral about the complexity of the application.
70% of the 30 users disagreed that the website was not complex at all while 20%
strongly disagreed. The result is being represented in Figure 4.5.

45
 Figure 4.22: Evaluation Question 2 Result

iii. I thought the web app was easy to use.

Participants were asked to specify if they found ease using the web app . 53.3%
agreed that the app was rather easy to use. 43.3% strongly agreed that the web app
was easy to use and 3.4 % were neutral about the web application’s ease. Results of
the evaluation question are depicted in Figure 4.6.

Figure 4.23: Evaluation Question 3 Result

iv. I think that I would need the support of a technical person to be able to use this web
app.

The web app was assessed for the need of a technical person when using it. They tried
the entire process of generating a summary using the app on their own. On a scale of 1
to 5, with 1 being strongly agreed and 5 being strongly disagreed, 30% of the users
strongly disagreed, 60% agreed, 8% were neutral about it and 2% agreed. The result is
shown in Figure 4.7,

46
 Figure 4.24: Evaluation Question 4 Result

v. I found the various functions in this web app well integrated.

Participants were asked if they found the various functions of the web application.
They were asked to upload a document, copy, and paste a text, generate the summary,
play the summary, and download the summary. Of the 30 users, 40% strongly agreed
that they do not need one, 56.7% agreed and 3.3% were neutral. The results are
represented in Figure 4.8.

Figure 4.25: Evaluation Question 5 Result

vi. I thought there was too much inconsistency with the web app.

The web application was evaluated for inconsistency. 33.3% of the users strongly
disagreed and 60.7 disagreed. The result of this evaluation is shown in Figure 4.9

47
 Figure 4.26: Evaluation Question 6 Result

vii. I would imagine that most people would learn to use the web app very quickly.

The potential users were asked if they thought other users would learn to use the web
app very quickly. They evaluated the learnability of the application. 46.7% of the
users strongly agreed and 53.3% agreed. The result of this evaluation is shown in
Figure 4.10.

Figure 4.27: Evaluation Question 7 Resul

48
 CHAPTER FIVE

5SUMMARY, RECOMMENDATION AND CONCLUSION

5.1 SUMMARY

This project created a Graphical User interface to try to reduce complexity in the
implementation of Security Information and Event Management system using Elastic
Security as a case study. The interface almost eliminates the dependence on command
line interface and documentation for the implementation of elastic security. It also
makes it possible for non SIEM experts to be able to set up SIEM in their
organizations.

The initiative analyzed SIEM implementation difficulties and the causes of all the
difficulties, as well as difficulties involved with interacting with a command line
interface, hence the need for the interface. This project showed the need for an
interface that streamlines the installation, configuration, integration, and deployment
to bring about the efficient implementation of SIEM. The interface lets its users
install, integrate, configure elastic security components as well as deploying the
whole system.

HCI has a major impact on security tools. The success of the interface depended on
improving the user experience when interacting with SIEM. HCI principles where
used during design and implementation to make the interface easy to use, attractive,
reduce the learning curve, attractive, and scalable. User feedback and usability testing
were used to discover and fix issues.

5.2 RECOMMENDATIONS

The interface only makes it possible to create elastic CA certificates as well as SSL
certificates and HTTP certificates under the assumption that the organization doesn’t

49
have a CSR. Later interfaces can let the users create and input their organizations CSR
or let them use external certificates and not elastic generated certificates.

The interface can also be seen to be semi-automated when it comes to the multi-node-
server implementation. Automation libraries like ansible can be added to make it
easier to manipulate multiple systems from just a single system.

The system only allowed for elastic based configurations. Further research can be
done on integrating with other tools to make the interface more robust.

5.3 CONCLUSION

Andrews (2021) study discovered that the most user-friendly and effective tools for
system administrators to utilize were GUI tools with an emphasis on those with little
experience. A GUI tool must be simple, provide clear and concise feedback to its user,
be user-centered, and be easy to learn. In this project, the interface developed is a
security tool equipped with installation, integration, and configuration capabilities.
The interface is built on the Electron framework.

50
 REFERENCES

Ali, A., Septyanto, A. W., Chaudhary, I., Hamadi, H. Al, Alzoubi, H. M., & Khan, Z. F.
(2022). Applied Artificial Intelligence as Event Horizon Of Cyber Security (pp. 1–
7). https://doi.org/10.1109/ICBATS54253.2022.9759076

Andrews, W. W. (2021). Comparative Analysis of Interface Usability for Cybersecurity

Applications. https://library.ndsu.edu/ir/handle/10365/32379

Antonio, R.-M. (2013). Architectures and Protocols for Secure Information Technology
Infrastructures. IGI Global.
https://www.google.com.ng/books/edition/Architectures_and_Protocols_for_S
ecure_I/OOKWBQAAQBAJ?
hl=en&gbpv=1&dq=systems+that+make+up+a+siem&pg=PA189&printsec=front
cover

Arndt, N., Naumann, P., Radtke, N., Martin, M., & Marx, E. (2019). Decentralized
collaborative knowledge management using git. Journal of Web Semantics, 54,
29–47. https://doi.org/https://doi.org/10.1016/j.websem.2018.08.002

Atlassian. (2019). What is Git: become a pro at Git with this guide | Atlassian Git
Tutorial. https://www.atlassian.com/git/tutorials/what-is-git

Austerlitz, H. (2003). CHAPTER 13 - computer programming languages (H. Austerlitz

(ed.); Second Edi, pp. 326–360). Academic Press.
https://doi.org/https://doi.org/10.1016/B978-012068377-2/50013-9

Berrocal, J., Garcia-Alonso, J., Murillo, J. M., Mendes, D., Fonseca, C., & Lopes, M.
(2018). Context-aware mobile app for the multidimensional assessment of the
elderly. 2018 13th Iberian Conference on Information Systems and Technologies
(CISTI). https://doi.org/10.23919/cisti.2018.8399239

Bidou, R. (2005). Security operation center concepts & implementation.

https://citeseerx.ist.psu.edu/document?
repid=rep1&type=pdf&doi=1ffaf58ab9379b1d3ef11d18091fc08df777481b

Bishop, M. (2003). Computer Security: Art and Science. Addison-Wesley Professional.

https://books.google.com.ng/books?
id=pfdBiJNfWdMC&printsec=frontcover&redir_esc=y#v=onepage&q&f=false

Blum, R. A., Ross, J. D., Simon, C. M., Brown, E. A., Harrison, R. R., & DeWeerth, S. P.
(2003). A custom multielectrode array with integrated low-noise preamplifiers
(Vol. 4, pp. 3396–3399 Vol.4). https://doi.org/10.1109/IEMBS.2003.1280874

bruce, dayana. (2019). What are the attributes of good software? - ppt download.
https://slideplayer.com/slide/14618845/

clarke, dan. (2017). Git - GUI vs CLI - The Devil’s Advocate - Dan Clarke.
https://www.danclarke.com/git-gui-vs-cli
51
Endsley, M. R. (2016). Designing for Situation Awareness: An Approach to User-
Centered Design, Second Edition. CRC Press.
https://books.google.com.ng/books?
hl=en&lr=&id=eRPBkapAsggC&oi=fnd&pg=PP1&dq=importance+of+user+center
ed+design&ots=dKODKaqXeF&sig=_oFQYu5bVT-
7CQYEq_kFYlZwmsw&redir_esc=y#v=onepage&q=importance of user centered
design&f=false

Engebretson, P. (2013). The basics of hacking and penetration testing: Ethical hacking
and penetration testing made easy. Elsevier.
https://www.google.com.ng/books/edition/The_Basics_of_Hacking_and_Penetr
ation_Te/69dEUBJKMiYC?
hl=en&gbpv=1&dq=armitage+gui&pg=PA116&printsec=frontcover

Fareed, H. (2022). What is GitKraken? Why Students Should Use GitKraken?

https://hussnainfareed.medium.com/what-is-gitkraken-why-students-should-
use-gitkraken-ccbc1f36c187

Farhan, A., Siddiqui, Ejaz, A., Syed, A., Ali, Yasir Ejaz, M., & Karachi, P. (2019). Graphic
user interface design principles for designing Augmented Reality applications
Babul-Islah: Islamic Semantic Web View project National Electricity Supply
Safety View project Graphic User Interface Design Principles for Designing
Augmented Reality Applications. IJACSA) International Journal of Advanced
Computer Science and Applications, 10.

Ferre, X., Juristo, N., Windl, H., & Constantine, L. (2001). Usability Basics for Software
Developers.
https://www.researchgate.net/publication/3247702_Usability_Basics_for_Softw
are_Developers

Fyodor, ,. (1997). The art of port scanning. http://phrack.org/issues/51/11.html

Gills, A. (2022). What is SIEM? | A Definition from TechTarget.com.

https://www.techtarget.com/searchsecurity/definition/security-information-
and-event-management-SIEM#:~:text=Vendors created SIEM by combining

Gonçalves, F., & Campos, P. (2017). Understanding and Evaluating the User Interface
Design for Creative Writing. https://doi.org/10.1145/3121283.3121298

Gopaluni, J., Unwala, I., Lu, J., & Yang, X. (2019). Graphical user interface for
OpenThread. 235–237. https://doi.org/10.1109/HONET.2019.8908055

Gupta, S. (2015). A Comparative study of Usability Evaluation Methods. International

Journal of Computer Trends and Technology, 22, 103–106.
https://doi.org/10.14445/22312803/ijctt-v22p121

Hell, M. (2022). What is a security vulnerability? https://debricked.com/blog/what-is-

security-vulnerability/

Hitchcock, K. (2022). Using Linux for the First Time. The Enterprise Linux
Administrator, 123–158. https://doi.org/10.1007/978-1-4842-8801-6_5
52
Johansen, G., Allen, L., Heriyanto, T., & Ali, S. (2016). Kali linux 2 – assuring security
by penetration testing. Packt Publishing Ltd.
https://www.google.com.ng/books/edition/Kali_Linux_2_Assuring_Security_by
_Penetr/VoFcDgAAQBAJ?
hl=en&gbpv=1&dq=zenmap&pg=PA192&printsec=frontcover

Johnson, A., Dempsey, K., Ross, R., Gupta, S., & Bailey, D. (2019). Guide for security-
focused configuration management of information systems. Guide for Security-
Focused Configuration Management of Information Systems.
https://doi.org/10.6028/nist.sp.800-128

Johnson, K. (2023). GUI – What Is It and Why Is It Important?

https://www.wikijob.co.uk/industry/it-technology/what-is-a-gui

Jones, D., & Realtimepublishers.com. (2009). The shortcut guide to secure, managed
file transfer. Realtimepublishers.com. https://books.google.com.ng/books?
id=0QlDrIfBn68C

Jones, M. (2011). Evolution of shells in Linux. https://developer.ibm.com/tutorials/l-

linux-shells/

Kaspersky. (2019). What is Cyber Security? https://www.kaspersky.com/resource-

center/definitions/what-is-cyber-security

Kaye, A. R. (2012). Collaborative learning through computer conferencing: The

najaden papers. Springer Science & Business Media.
https://books.google.com.ng/books?
hl=en&lr=&id=UMeoCAAAQBAJ&oi=fnd&pg=PA200&dq=teletypewriter+CLI&ots
=LIL99TonBo&sig=ErRFyyopz8zW_XxQvxZ-
udgZbbI&redir_esc=y#v=onepage&q=teletypewriter CLI&f=false

Kettner, B., & Geisler, F. (2022). Tools and Helpers. Pro Serverless Data Handling with
Microsoft Azure, 253–262. https://doi.org/10.1007/978-1-4842-8067-6_14

Khraisat, A., Gondal, I., Vamplew, P., & Kamruzzaman, J. (2019). Survey of intrusion
detection systems: techniques, datasets and challenges. Cybersecurity, 2.
https://doi.org/10.1186/s42400-019-0038-7

Kokulu, F. B., Soneji, A., Bao, T., Shoshitaishvili, Y., Zhao, Z., Doupé, A., & Ahn, G.-J.
(2019). Matched and Mismatched SOCs. Proceedings of the 2019 ACM SIGSAC
Conference on Computer and Communications Security.
https://doi.org/10.1145/3319535.3354239

Lhotka, L. (2007). Česká společnost uživatelů otevřených systémů europen.cz sborník

příspěvků. https://europen.zcu.cz/Anot/30/hlavni.pdf#page=23

Lospinoso, J. (2019). C++ Crash Course: A Fast-Paced Introduction. No Starch Press.

https://www.google.com.ng/books/edition/C++_Crash_Course/n1v6DwAAQBAJ
?hl=en&gbpv=1&dq=c%2B%2B&printsec=frontcover

Lyon, G. (2008). Nmap network scanning: Official nmap project guide to network

53
 discovery and security scanning. Insecure.Com, LLC.
https://books.google.com/books?
id=a_PkPQAACAAJ&dq=nmap&hl=en&newbks=1&newbks_redir=1&sa=X&ved=
2ahUKEwiMksuFmLD-AhXNV6QEHbd_D0QQ6AF6BAgDEAI

Manifesto, A. (2001). Principles behind the Agile Manifesto.

https://agilemanifesto.org/principles.html

Matras, O. C. (2015). In pursuit of a perfect system: Balancing usability and security in

computer-system development . Www.Academia.Edu.
https://www.academia.edu/26078699/In_pursuit_of_a_perfect_system_Balanci
ng_usability_and_security_in_computer_system_development_

Max, J. (2021). A History of the Console (When Computers had Personality). Console
Blog. https://blog.console.dev/when-computers-had-personality-a-history-of-
consoles/

Morales-Gonzalez, C., Harper, M., & Fu, X. (2023). Teaching software security to
novices with user friendly armitage. Journal of The Colloquium for Information
Systems Security Education, 10, 6. https://doi.org/10.53735/cisse.v10i1.173

Newman, M. W., & Landay, J. A. (2000). Sitemaps, storyboards, and specifications.

Proceedings of the Conference on Designing Interactive Systems Processes,
Practices, Methods, and Techniques - DIS ’00.
https://doi.org/10.1145/347642.347758

Octavia. (2021). Git: Advantages and Disadvantages. https://bodhizazen.net/git-

advantages-and-disadvantages/

Orebaugh, A., & Pinkard, B. (2011). Nmap in the enterprise: Your guide to network
scanning. Elsevier. https://books.google.com.ng/books?
hl=en&lr=&id=VjgezB784XIC&oi=fnd&pg=PP1&dq=zenmap&ots=k4rh9t_zU3&si
g=MQLbHY5vGf3dKsECC464_4f2GuI&redir_esc=y#v=onepage&q&f=false

Petrosyan, A. (2022). Global average cost of a data breach 2020.

https://www.statista.com/statistics/987474/global-average-cost-data-breach/

pl, N. (n.d.). FTP protocol: Network basic. AL0-033. NOITE S.C.

https://books.google.com.ng/books?id=g%5C_xzCwAAQBAJ

Pleshkova, S., & Panchev, K. (2021). Capturing and Transferring of Acoustic

Information in a Closed Room via Wireless Acoustic Sensor Network (pp. 1–5).
https://doi.org/10.1109/ELECTRONICA52725.2021.9513720

Postel, J., & Reynolds, J. (1985). File Transfer Protocol.

https://doi.org/10.17487/rfc0959

Powell, A. (1997). Web 101: A History of the GUI. WIRED.

https://www.wired.com/1997/12/web-101-a-history-of-the-gui/

Pranggono, B., & Arabo, A. (2020). COVID‐19 Pandemic Cybersecurity Issues. Internet

54
 Technology Letters, 4. https://doi.org/10.1002/itl2.247

Prikryl., M. (n.d.). Introducing WinSCP :: WinSCP. Retrieved April 17, 2023, from
https://winscp.net/eng/docs/introduction

Rahalkar, S., & Jaswal, N. (2017). Metasploit revealed: Secrets of the expert pentester:
Build your defense against complex attacks. Packt Publishing Ltd.
https://www.google.com.ng/books/edition/Metasploit_Revealed_Secrets_of_th
e_Exper/lMxPDwAAQBAJ?
hl=en&gbpv=1&dq=armitage+gui&pg=PA519&printsec=frontcover

Rao, R., & Mouli, S. (2021). INTRUSION PREVENTION SYSTEM: A SURVEY.

https://www.journal-dogorangsang.in/no_4_Book_21/54.pdf

Raymond, E. (2003). The Art of Unix Programming.

http://www.catb.org/esr/writings/taoup/html/graphics/taoup.pdf

Realtimepublishers.com. (2007). The Shortcut Guide to Securing Automated File

Transfers. Realtimepublishers.com.
https://www.google.com.ng/books/edition/The_Shortcut_Guide_to_Securing_
Automated/pwNige0CkoIC?
hl=en&gbpv=1&dq=sftp&pg=PA58&printsec=frontcover

Rehman, J. (2021). Advantages and disadvantages of Command Line Interface (CLI).

https://www.itrelease.com/2021/04/advantages-and-disadvantages-of-
command-line-interface-cli/

Robbins, A. (2005). Unix in a Nutshell. “O’Reilly Media, Inc.”

https://books.google.com.ng/books?
hl=en&lr=&id=HFKnPsTcpW0C&oi=fnd&pg=PT8&dq=related:DH9beK3YXbIJ:sch
olar.google.com/&ots=IW-Tbb1HjZ&sig=5KVPemHLloZkUmo2ck6P7b-
4dTw&redir_esc=y#v=onepage&q&f=false

Saraiva, M., & Mateus-Coelho, N. (2022). CyberSoc Framework a Systematic Review

of the State-of-Art. Procedia Computer Science, 204, 961–972.
https://doi.org/10.1016/j.procs.2022.08.117

Shirey, R. (2007). Internet Security Glossary, Version 2.

https://doi.org/10.17487/rfc4949

Shoard, P., & Davies, A. (2022). Magic Quadrant for Security Information and Event
Management. https://www.gartner.com/doc/reprints?
__hstc=7965229.b2525feffc6363fc0423b03afefa6d33.1687524559435.1687524
559435.1687524559435.1&__hssc=7965229.1.1687524559457&__hsfp=12616
19169&id=1-2BEBQF2T&ct=221013&st=sb&submissionGuid=5d829367-a57f-
4b22-b6ad-7453ec5e

Singh, G. D. (2019). Learn Kali Linux 2019: Perform powerful penetration testing using
Kali Linux, Metasploit, Nessus, Nmap, and Wireshark. Packt Publishing Ltd.
https://books.google.com.ng/books?hl=en&lr=&id=H6a-
DwAAQBAJ&oi=fnd&pg=PP1&dq=metasploit+the+penetration+tester
55
 %27s+guide&ots=FGSkXOnMDA&sig=Tmmze-
iOuVudMBmJCfibvaO7MEM&redir_esc=y#v=onepage&q&f=false

technopedia, ,. (2019). What are System Requirements? - Definition from Techopedia.

https://www.techopedia.com/definition/4371/system-requirements

Tsitoara, M. (2019). Beginning git and github: A comprehensive guide to version

control, project management, and teamwork for the new developer. Apress.
https://www.google.com.ng/books/edition/Beginning_Git_and_GitHub/3xfBDw
AAQBAJ?
hl=en&gbpv=1&dq=git+gui+tools+by+Mariot+Tsitoara&pg=PA219&printsec=fro
ntcover

tuck, michael. (2001). The Real History of the GUI - SitePoint.

https://www.sitepoint.com/real-history-gui/

Ullmer, B., & Ishii, H. (1999). mediaBlocks. https://doi.org/10.1145/632716.632739

Vielberth, M., Bohm, F., Fichtinger, I., & Pernul, G. (2020). Security Operations Center:
A Systematic Study and Open Challenges. IEEE Access, 8, 227756–227779.
https://doi.org/10.1109/access.2020.3045514

Voronkov, A., Martucci, L., & Lindskog, S. (2019). System administrators prefer
command line interfaces, don’t they? An exploratory study of firewall interfaces
this paper is included in the proceedings of the fifteenth symposium on usable
privacy and security. system administrators prefer command line in.
https://www.usenix.org/system/files/soups2019-voronkov.pdf

Williams, A. (2019). Hands-On GUI application development in go: Build responsive,

cross-platform, graphical applications with the go programming language. Packt
Publishing Ltd. https://books.google.com.ng/books?
hl=en&lr=&id=IS2KDwAAQBAJ&oi=fnd&pg=PP1&dq=GTK+toolkit&ots=_aBuv9N
0TD&sig=drtK1jb0w9L6VcfdnObe-j_8etM&redir_esc=y#v=onepage&q=GTK
toolkit&f=false

Winkler, I., & Gomes, A. T. (2017). Countermeasures. Advanced Persistent Security,

105–130. https://doi.org/10.1016/b978-0-12-809316-0.00010-5

Zillner, T. (2000). In the Beginning...Was the Command Line. ProQuest, 19, 103.
https://www.proquest.com/docview/215832005?fromopenview=true&pq-
origsite=gscholar&parentSessionId=VGST30cyLGRzjth4zw47YZSe
%2BgMJ2a9bhOzwOAzwU8E%3D

56
57