Arquitectura Modular de Ciberseguridad Basada en Software Libre

Hernando José  Peña Hidalgo; Luis Fernando  Zambrano Hernandez; Sonia Ximena  Moreno Molano; Jorge Eliecer Hernández-Pérez

Vol. 6 No. 2 (2025)

Published 2025-10-01

license

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Artículos

Arquitectura Modular de Ciberseguridad Basada en Software Libre

Hernando José Peña Hidalgo Universidad Nacional Abierta y a Distancia

Luis Fernando Zambrano Hernandez Universidad Nacional Abierta y Distancia

Sonia Ximena Moreno Molano Universidad Nacional Abierta y Distancia

Jorge Eliecer Hernández Pérez Universidad Nacional Abierta y Distancia

PDF (Spanish)

Abstract
References

This document presents the proposed design of a prototype logical infrastructure for the
. operation of CSIRT-UNAD, based on the evaluation and selection of open-source tools. The proposal articulates a modular ecosystem that integrates Wazuh (correlation and monitoring), Suricata (network intrusion detection), ELK Stack (log storage and visualization), TheHive and Cortex (incident management and automation), and MISP (threat intelligence). The model covers the entire incident management cycle and aligns with frameworks such as NIST, ENISA, and SIM3 v2, as well as national policies (CONPES 3995) and UNAD’s Institutional Development Plan. The results demonstrate technical feasibility and cost-effectiveness, as well as its value for applied research, academic outreach, and interinstitutional cooperation, positioning CSIRT-UNAD as a sustainable university benchmark.

keywords: CSIRT, Cybersecurity, Incident Management, Open-Source Software, Vulnerability

Abdul, W., Abdul, F., & Ammar, M. (2022). Which open-source IDS? Snort, Suricata or Zeek. https://www.sciencedirect.com/science/article/abs/pii/S1389128622002420?via%3Dihub

Andrade, R., & Torres, J. (2019). Enhancing intelligence SOC with big data tools. https://doi-org.bibliotecavirtual.unad.edu.co/10.1109/IEMCON.2018.8614779

Basis Technology. (2022). Autopsy. https://www.autopsy.com/

CaiVirtual. (2022). Balance anual del cibercrimen en Colombia 2022. https://caivirtual.policia.gov.co/sites/default/files/observatorio/Balance%20anual%202022.pdf

Castiblanco, A. (2024). Aprovechamiento de soluciones de software libre en el montaje y puesta en marcha de un centro de respuesta a incidentes informáticos para organizaciones colombianas. https://repository.unad.edu.co/handle/10596/61598

CCIT. (2022). Informe SAFE: Tendencias del cibercrimen 2021–2022. https://www.ccit.org.co/wp-content/uploads/informe-safe-tendencias-del-cibercrimen-2021-2022.pdf

Congreso de Colombia. (2009). Ley 1273 de 2009. http://www.secretariasenado.gov.co/senado/basedoc/ley_1273_2009.html

Congreso de Colombia. (2012). Ley 1581 de 2012. http://www.secretariasenado.gov.co/senado/basedoc/ley_1581_2012.html

CONPES. (2020). Política nacional de confianza y seguridad digital (Documento CONPES 3995). https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3995.pdf

EAS-OAS. (2024). MISP Tecnical Manual. https://shares.csirtamericas.org/s/4fz9FcdqePPDf8A/download/CSIRTAmericas%20MISP%20Technical%20Manual.pdf

ENISA. (2020). HOW TO SETUP UP CSIRT AND SOC. https://www.enisa.europa.eu/publications/how-to-set-up-csirt-and-soc

Filigran. (2022). OpenCTI. https://filigran.io/platforms/opencti/

GDPR.eu. (2018). General Data Protection Regulation GDPR. https://gdpr.eu/

ICONTEC. (2020). ISO/IEC 27032:2020 Tecnologías de la información. Técnicas de seguridad. Directrices para ciberseguridad. https://ecollection-icontec-org.bibliotecavirtual.unad.edu.co/normavw.aspx?ID=77621

ICONTEC. (2020). ISO/IEC 27035:2020 Tecnología de la información. Gestión de incidentes de seguridad de la información. Parte 1: Principios y procesos. https://ecollection-icontec-org.bibliotecavirtual.unad.edu.co/normavw.aspx?ID=77621

ICONTEC. (2022). ISO/IEC 27001:2022 Seguridad de la información, ciberseguridad y protección de la privacidad. Sistemas de gestión de seguridad de la información. https://ecollection-icontec-org.bibliotecavirtual.unad.edu.co/normavw.aspx?ID=77621

Jaikla, T., Suksomboon, K., & Pattaranantakul, M. (2022). Open-source SOC-as-a-Service for Strengthening Cybersecurity in Small and Medium Manufacturers in Thailand toward Industry 4.0. https://apnic.foundation/projects/open-source-soc-as-a-service-for-strengthening-cybersecurity-in-small-and-medium-manufacturers-in-thailand-toward-industry-4-1/technicalreport/

Janampa, H., Huamani, H., & Meneses, Y. (2022). Snort Open Source como detección de intrusos para la seguridad de la infraestructura de red. https://www.redalyc.org/articulo.oa?id=378369292004

Kaspersky. (s.f.). Return on security investment: Internal SOCs halve the financial impact of enterprise data breaches. Return on security investment: Internal SOCs halve the financial impact of enterprise data breaches

Mardjan, M., & Jahan, A. (2020). Using open source for security and privacy protection. Security and Privacy Reference Architecture. https://security-and-privacy-reference-architecture.readthedocs.io/en/latest/10-using-oss.html

MinTIC. (2021). Informe nacional de ciberseguridad 2021. https://gobiernodigital.mintic.gov.co/

MISP Project. (2022). Malware Information Sharing Platform (MISP). https://www.misp-project.org/

Mohd, S., Li, S., & Arief, B. (2022). Incident Response Practices Across National CSIRTs. https://kar.kent.ac.uk/94119/1/Incident-Response-Practice.pdf

NIST. (2020). Computer Security Incident Handling Guide (SP 800-61 Rev. 2). https://doi.org/10.6028/NIST.SP.800-61r2

OISF. (2022). Suricata IDS/IPS/NSM engine. https://suricata.io/

Open CSIRT Foundation. (2023). SIM3 v2 interim – Security Incident Management Maturity Model. https://opencsirt.org/wp-content/uploads/2023/11/SIM3_v2_interim_standard.pdf

Presidencia de la República de Colombia. (2020). Decreto 620 de 2020. https://www.funcionpublica.gov.co/eva/gestornormativo/norma.php?i=118337

Quintero, J. (2018). Implementación de un sistema de detección de intrusos en la red interna de la Alcaldía de Montería usando software libre. https://repository.unad.edu.co/handle/10596/17438

Rabby, Z. (2022). Building Security Operations Center (SOC) using open source technologies SIEM for industries. https://dspace.bracu.ac.bd/xmlui/handle/10361/22720

Rincon, G., Avila, E., Navarrete, J., & Herrera, H. (2025). Propuesta de modelo de un Centro de Operaciones de Seguridad Cibernética – CSOC - Open Source para empresas Mipymes. http://hdl.handle.net/11371/7260

Rosero, W. (2021). Diseño documental para la implementación del CSIRT para el caso de estudio de la Empresa Cibersecurity de Colombia LTAA. https://repository.unad.edu.co/handle/10596/42000

Shuffle. (2022). Shuffle Open Source SOAR platform. https://shuffler.io/

StrangeBee. (2022). Cortex Speed up analysis and make response easier. https://strangebee.com/cortex/

StrangeBee. (2022). TheHive Collaborative Case Management Platform for cybersecurity teams. https://strangebee.com/thehive/

The Volatility Foundation. (2022). Volatility. https://volatilityfoundation.org/

UNAD. (2018). Resolución 04256 de 2018. https://sgeneral.unad.edu.co/images/documentos/resoluciones/2015/RES0_4256_20150303.pdf

UNAD. (2023). Plan de Desarrollo Docenal 2023 - 2034 UNAD 5.0. https://informacion.unad.edu.co/images/2023/PLAN_DE_DESARROLLO_2023-2034.pdF

Vazão, A., Santos, L., Piedade, M., & Rabadão, C. (2019). SIEM Open Source Solutions: A Comparative Study. https://doi-org.bibliotecavirtual.unad.edu.co/10.23919/CISTI.2019.8760980

Villegas, M., Carrión, D., & Castro, J. (2021). CSIRT universitario: Guía de implementación para campus. http://www.risti.xyz/issues/ristie39.pdf

Villegas, W., Ortiz, I., & Sanchez, S. (2021). Proposal for an Implementation Guide for a Computer Security. https://www.mdpi.com/2073-431X/10/8/102/pdf

Yeti Project. (2022). Yeti: Open source threat intelligence platform. https://yeti-platform.io/

Zeek Project. (2022). Zeek: The network analysis framework. https://zeek.org/

license

How to Cite

Peña Hidalgo, H. J. ., Zambrano Hernandez, L. F. ., Moreno Molano, S. X. ., & Hernández Pérez, J. E. (2025). Arquitectura Modular de Ciberseguridad Basada en Software Libre. Documentos De Trabajo ECBTI, 6(2). https://publicaciones.unad.edu.co/index.php/wpecbti/article/view/10057

Download Citation

Metrics

Metrics Loading ...