Trokhymchuk D. Automation of threat monitoring processes in computer-integrated systems

Relevance of the topic. In the context of rapid digital transformation, computer-integrated systems are becoming the foundation of critical infrastructure, ensuring deep interaction between information and operational technologies. However, the increasing complexity of such systems significantly expands the attack surface, where cyber incidents can cause not only data loss but also physical accidents, production stoppages, and threats to personnel safety. Traditional protection tools often prove ineffective due to data fragmentation and the information overload placed on personnel by false positives. Therefore, automating monitoring through the implementation of SIEM systems is a critical task. This allows for centralized event collection, real-time correlation, and increased resilience of technological processes against modern threats.

Aim and tasks of the research. The aim of the work is to increase the efficiency of protection for computer-integrated systems by developing and implementing an automated threat monitoring system based on SIEM technologies.
To achieve this aim, the following tasks were resolved:
1. An analysis of monitoring tools and security assurance for computer-integrated systems was conducted.
2. The architecture and operating principles of the Wazuh SIEM system were analyzed for its implementation.
3. Practical deployment and configuration of system components were carried out: the VMware ESXi hypervisor, the Wazuh server part based on Ubuntu, and heterogeneous client systems (Windows, Linux) were integrated by installing and registering agents.
4. Scenarios were developed, and simulation of typical security threats, particularly failed authorization attempts, was conducted for experimental verification of the system's performance.
5. The results of the experiment were analyzed: the triggering of correlation rules in Wazuh and generated event logs were investigated, and an assessment of the system's efficiency regarding threat detection was provided.
6. The prospects for the development of the proposed solution were determined, and possibilities for its integration into industrial computer-integrated environments were investigated.
7. A concept for a startup project was developed to commercialize the automated monitoring solution, which includes market analysis, development of a market strategy and marketing program, a business model for the startup implementation, and an assessment of its economic efficiency.
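Tasks 4 and 5 above rest on one mechanism: a SIEM correlation rule that counts failed authorization attempts per source within a time window and raises an alert when a threshold is crossed. The following Python script is an added illustration of that mechanism, not code from the thesis or from the Wazuh project. It runs the same kind of sliding-window correlation over constructed sshd syslog lines (the hostnames, addresses, timestamps and the assumed log year are all made up for the sample); the threshold and window values are chosen for the demonstration, and the comparison to Wazuh's `frequency`/`timeframe` rule attributes is an analogy, not a reproduction of any specific Wazuh rule.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines in syslog format (sample data, not captured from a real host).
# Source 203.0.113.5 produces a burst of failures; 198.51.100.7 has two failures
# five minutes apart plus one successful login, which should not alert.
SAMPLE_LOG = """\
Mar 10 12:00:01 cis-hmi sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar 10 12:00:03 cis-hmi sshd[2203]: Failed password for root from 203.0.113.5 port 40124 ssh2
Mar 10 12:00:05 cis-hmi sshd[2205]: Failed password for operator from 198.51.100.7 port 50010 ssh2
Mar 10 12:00:06 cis-hmi sshd[2207]: Accepted password for operator from 198.51.100.7 port 50011 ssh2
Mar 10 12:00:07 cis-hmi sshd[2209]: Failed password for invalid user test from 203.0.113.5 port 40126 ssh2
Mar 10 12:00:09 cis-hmi sshd[2211]: Failed password for root from 203.0.113.5 port 40128 ssh2
Mar 10 12:00:12 cis-hmi sshd[2213]: Failed password for root from 203.0.113.5 port 40130 ssh2
Mar 10 12:00:14 cis-hmi sshd[2215]: Failed password for root from 203.0.113.5 port 40132 ssh2
Mar 10 12:00:16 cis-hmi sshd[2217]: Failed password for root from 203.0.113.5 port 40134 ssh2
Mar 10 12:00:20 cis-hmi sshd[2219]: Failed password for root from 203.0.113.5 port 40136 ssh2
Mar 10 12:05:00 cis-hmi sshd[2301]: Failed password for root from 198.51.100.7 port 50020 ssh2
"""

# Syslog prefix: "<Mon> <day> <HH:MM:SS> <host> sshd[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# Decoder for the failed-password message; "invalid user" marks a non-existent account.
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
ASSUMED_YEAR = 2024  # classic syslog timestamps carry no year; fixed here for the sample


def parse_events(lines):
    """Return (timestamp, user, source) for every failed-password line; other lines are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        f = FAILED_RE.match(m.group("msg"))
        if not f:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, f.group("user"), f.group("src")))
    return events


def correlate(lines, frequency=8, timeframe_s=120):
    """Per-source sliding-window correlation, analogous to a Wazuh rule declared with
    frequency="8" timeframe="120": alert when `frequency` failures from one source
    fall within `timeframe_s` seconds. The window is cleared after an alert, so a
    sustained burst yields one alert per `frequency` failures rather than one per line."""
    windows = defaultdict(deque)  # source address -> deque of (timestamp, user)
    alerts = []
    for ts, user, src in parse_events(lines):
        win = windows[src]
        win.append((ts, user))
        # Drop events that have aged out of the window relative to the newest one.
        while win and (ts - win[0][0]).total_seconds() > timeframe_s:
            win.popleft()
        if len(win) >= frequency:
            alerts.append({
                "src": src,
                "count": len(win),
                "users": {u for _, u in win},
                "first": win[0][0],
                "last": ts,
            })
            win.clear()
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG.splitlines()):
        print(f"ALERT brute-force from {a['src']}: {a['count']} failures against "
              f"{sorted(a['users'])} between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Run against the constructed sample, the script reports a single alert for 203.0.113.5 (eight failures in nineteen seconds across the accounts admin, root and test) and stays silent for 198.51.100.7, whose two failures are separated by more than the window. Tuning `frequency` and `timeframe_s` is exactly the trade-off the thesis describes between detection sensitivity and the false-positive load on personnel.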

Object of research — processes of information security assurance and incident monitoring in computer-integrated systems.
Subject of research — methods and tools for automated cyber threat detection using the Wazuh SIEM system in a virtualized environment.
Research methods. The work uses: systems analysis methods (to investigate SIEM architecture and CIS threats); virtualization methods (to deploy the test bench on VMware ESXi); simulation modeling methods (to reproduce attack scenarios); experimental methods (to verify system performance and analyze event logs); methods of economic analysis and marketing planning (to develop the startup project).
Scientific novelty of the obtained results:
1. The architecture of the security monitoring system for CIS has been improved by integrating the Wazuh SIEM system into the VMware ESXi virtualized environment, which ensures deployment flexibility and scalability without significant hardware costs.
2. The application of event correlation methods in heterogeneous systems has been further developed, allowing for automated real-time threat detection at the level of distributed agents.

Practical value of the obtained results lies in the creation of a working prototype of an automated monitoring system, ready for integration into enterprise infrastructure. The developed concept of the startup project proves the economic efficiency of using this solution to ensure the cyber resilience of computer-integrated systems.

Research advisor: H. Bohdan


АСНК, Igor Sikorsky Kyiv Polytechnic Institute, 2021