velikrgl / SIEM_Enhancement


SIEM_Enhancement

Information security is one of the most important issues of the information age. Protecting information is a core responsibility of individuals, institutions and even governments, and critical institutions run a wide range of security software for this purpose. Security information and event management (SIEM) software gives organizations real-time analysis of the security alerts generated by applications and network hardware. It works by collecting the log and event data produced by an organization's applications, security devices and host systems and bringing it together in a single centralized platform.

This project contains several implementations and enhancement methods with which companies can customize their own SIEM products. It is built with open-source programming languages and products so that any company can adapt the configuration to its own environment. Its goal is to help Security Operations Center (SOC) managers monitor their network activity through the SIEM product. The enhancement uses open-source threat intelligence services such as the Malware Information Sharing Platform (MISP) and Ulusal Siber Olaylara Müdahale Merkezi (USOM, the Turkish National Cyber Incident Response Center) as reference feeds. If an indicator published by these threat intelligence services is found in the collected logs, the software developed in this project automatically raises an alert through the SIEM product's Application Programming Interface (API) so that the malicious activity can be stopped. The project therefore only works with SIEM products and threat intelligence services that expose an API.
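The matching step described above, as an added example written for this README and not the project's own code: it normalizes a MISP-style attribute list and a USOM-style plain-text list into one indicator index, extracts IPs, hostnames and file hashes from sample log lines, and turns each hit into an alert object for a SIEM API. The feed entries, log lines and the alert field names are constructed and hypothetical; a real deployment would pull the feeds from MISP/USOM and post the alert to the SIEM product's documented endpoint.

```javascript
// Added example (not from the SIEM_Enhancement repository).
// Constructed sample: MISP-style attributes. Field layout mimics MISP's
// attribute export; the values themselves are hypothetical samples.
const sampleMispAttributes = [
  { type: 'ip-dst', value: '203.0.113.45', comment: 'C2 server (sample)' },
  { type: 'domain', value: 'malicious.example', comment: 'phishing (sample)' },
  { type: 'md5', value: '44d88612fea8a8f36de82e1278abb02f', comment: 'EICAR test file' },
];

// Constructed sample: USOM-style list, one indicator per line.
const sampleUsomList = `# constructed sample list
bad-host.example
198.51.100.7
`;

// Constructed sample log lines (firewall, proxy and AV events).
const sampleLogs = [
  'Jan 10 12:00:01 fw01 conn src=10.0.0.12 dst=203.0.113.45 dport=443 action=allow',
  'Jan 10 12:00:05 proxy01 GET http://www.bad-host.example/update.bin status=200',
  'Jan 10 12:00:09 host07 av scan file=/tmp/x.exe md5=44D88612FEA8A8F36DE82E1278ABB02F verdict=clean',
  'Jan 10 12:00:12 fw01 conn src=10.0.0.13 dst=192.0.2.10 dport=80 action=allow',
];

// Merge both feeds into one Map keyed by the lowercased indicator value.
function buildIndicatorIndex(mispAttributes, usomText) {
  const index = new Map();
  for (const a of mispAttributes) {
    index.set(a.value.toLowerCase(), { source: 'MISP', type: a.type, comment: a.comment });
  }
  for (const line of usomText.split('\n')) {
    const v = line.trim().toLowerCase();
    if (v && !v.startsWith('#')) index.set(v, { source: 'USOM', type: 'unknown', comment: '' });
  }
  return index;
}

// Token patterns: IPv4, hostnames, and MD5/SHA-1/SHA-256/SHA-512 hex digests
// (longest alternative first so a SHA-256 is not cut down to an MD5-length prefix).
const IPV4 = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g;
const HOSTNAME = /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi;
const HEXHASH = /\b(?:[a-f0-9]{128}|[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b/gi;

// Pull candidate indicators out of one log line. Hostnames are expanded to
// every parent domain so a feed entry for "bad-host.example" still matches
// "www.bad-host.example" seen in a proxy log.
function extractCandidates(line) {
  const out = new Set();
  for (const m of line.match(IPV4) || []) out.add(m);
  for (const m of line.match(HEXHASH) || []) out.add(m.toLowerCase());
  for (const m of line.match(HOSTNAME) || []) {
    const labels = m.toLowerCase().split('.');
    for (let i = 0; i < labels.length - 1; i++) out.add(labels.slice(i).join('.'));
  }
  return out;
}

// Correlate every log line against the indicator index.
function matchLogLines(logLines, index) {
  const hits = [];
  logLines.forEach((line, i) => {
    for (const cand of extractCandidates(line)) {
      const intel = index.get(cand);
      if (intel) hits.push({ lineNumber: i + 1, indicator: cand, intel, raw: line });
    }
  });
  return hits;
}

// Alert body for an assumed generic SIEM REST API. The field names are
// hypothetical; map them onto the product's documented alert schema.
function buildAlert(hit) {
  return {
    title: `Threat intel match: ${hit.indicator} (${hit.intel.source})`,
    severity: hit.intel.source === 'MISP' ? 'high' : 'medium',
    indicator: hit.indicator,
    indicatorType: hit.intel.type,
    source: hit.intel.source,
    evidence: hit.raw,
    lineNumber: hit.lineNumber,
  };
}

// The transport is injected so the matching logic runs offline; in production
// pass a function that POSTs the alert to the SIEM API (e.g. with fetch()).
function raiseAlerts(hits, post) {
  return hits.map((hit) => post(buildAlert(hit)));
}

// Stand-alone run: print the alerts that would be sent for the sample logs.
const demoIndex = buildIndicatorIndex(sampleMispAttributes, sampleUsomList);
const demoAlerts = raiseAlerts(matchLogLines(sampleLogs, demoIndex), (alert) => alert);
console.log(JSON.stringify(demoAlerts, null, 2));
```

On the sample input the first three lines produce one alert each (a MISP C2 IP, a USOM-listed domain reached through a subdomain, and an MD5 that the AV logged in upper case) and the fourth line produces none. Replacing the identity transport with a real HTTP poster is the only change needed to drive an actual SIEM API; keeping the transport injectable is also what makes the correlation logic unit-testable.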

Languages

Less 48.3%, JavaScript 28.2%, CSS 23.5%