SentinelJC: An Open-Source Tool for Cyber Incident Management in a Military Institution (#1157)
Date of Conference
July 16-18, 2025
Published In
"Engineering, Artificial Intelligence, and Sustainable Technologies in service of society"
Location of Conference
Mexico
Authors
Chuquisengo Acosta, Henry Marino
Castro Basilio, Jhonny Paul
Quinto Huamán, Carlos
Godoy Caso, Juan
Ochoa Castillo, Percy Fortunato
Abstract
Currently, organizations manage complex IT infrastructures characterized by a large number of interconnected devices. While interconnectivity provides operational advantages, it also complicates the control and detection of cyberattacks, increasing the likelihood of cybersecurity incidents. Such incidents can damage strategic objectives, cause financial losses, affect reputation, and lead to the theft of confidential information. In a military institution, it is crucial to protect sensitive assets whose compromise would constitute a breach of national security. These assets include not only strategic facilities but also classified information, advanced technological systems, and critical operational capabilities. In this context, this article presents SentinelJC, an open-source cybersecurity incident management tool that enables the Joint Command of the Armed Forces of Peru (CCFFAA) to manage events, incidents, and vulnerabilities based on the NIST framework with four key functions: prevention, detection, response, and recovery. Tools such as Security Onion and Wazuh are used for proactive threat detection, while iTop is employed for incident tracking and documented management. During a seven-day trial conducted to validate the tool, early detection of incidents and threats was achieved, allowing the security of the infrastructure to be improved. This approach significantly contributed to reducing the risk of attacks and enhancing the response capability to cybersecurity incidents.
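The abstract describes a pipeline in which Wazuh (detection) feeds iTop (incident tracking), with each incident filed under one of the NIST functions. The following is an added example, not SentinelJC's own code or anything published with the paper: it takes a Wazuh alert in the standard alert-JSON layout, maps its rule level to an urgency and a NIST function, and builds the `core/create` request that iTop's REST endpoint (`webservices/rest.php`) accepts for a `UserRequest` ticket. The level-to-function mapping, the organisation name `CCFFAA`, the hostnames and the sample alert are all constructed assumptions; the paper does not disclose SentinelJC's actual mapping or field layout.

```python
"""Added example: file a Wazuh alert as an iTop ticket tagged with a NIST function.

Assumptions (not from the paper): the script follows Wazuh's custom-integration
convention (alert file path passed as the first argument), iTop's REST API is
reachable at <base_url>/webservices/rest.php and the UserRequest class carries the
standard title/description/urgency fields. Hostnames and the alert are constructed.
"""
import json
import sys
import urllib.parse
import urllib.request

# Constructed sample alert in Wazuh's alert JSON layout (not a real capture).
SAMPLE_ALERT = {
    "timestamp": "2025-07-16T10:15:42.000-0500",
    "rule": {
        "level": 10,
        "id": "5712",
        "description": "sshd: brute force trying to get access to the system.",
        "groups": ["syslog", "sshd", "authentication_failures"],
    },
    "agent": {"id": "003", "name": "ccffaa-web01"},
    "full_log": "Jul 16 10:15:41 ccffaa-web01 sshd[2211]: Failed password for "
                "invalid user admin from 10.0.8.21 port 51422 ssh2",
}

# Illustrative mapping from Wazuh rule level to iTop urgency (1 = highest) and the
# NIST function the ticket is filed under. Assumption: SentinelJC's own mapping is not public.
def classify(level):
    if level >= 12:
        return {"urgency": "1", "nist_function": "response"}
    if level >= 7:
        return {"urgency": "2", "nist_function": "detection"}
    return {"urgency": "4", "nist_function": "prevention"}

def build_ticket(alert, org_name="CCFFAA"):
    """Return the json_data payload for an iTop core/create call.

    Agent-controlled strings (rule description, hostname, raw log) go only into
    plain attribute fields; the OQL selector for org_id uses a fixed, trusted
    organisation name so alert content never reaches the query language.
    """
    rule, agent = alert["rule"], alert["agent"]
    cls = classify(int(rule["level"]))
    description = (
        f"NIST function: {cls['nist_function']}\n"
        f"Wazuh rule {rule['id']} (level {rule['level']}), groups: {', '.join(rule.get('groups', []))}\n"
        f"Agent {agent['id']} ({agent['name']}) at {alert['timestamp']}\n\n"
        f"{alert.get('full_log', '')[:2000]}"
    )
    return {
        "operation": "core/create",
        "comment": "Created automatically from a Wazuh alert",
        "class": "UserRequest",
        "output_fields": "id, ref",
        "fields": {
            "org_id": f"SELECT Organization WHERE name = '{org_name}'",
            "title": f"[Wazuh {rule['id']}] {rule['description']} on {agent['name']}",
            "description": description,
            "urgency": cls["urgency"],
        },
    }

def send_to_itop(ticket, base_url, user, password, timeout=10):
    """POST the payload to iTop's REST endpoint; returns the decoded JSON reply.

    Not called by the test harness; needs a reachable iTop instance (assumed URL).
    """
    form = {
        "version": "1.3",
        "auth_user": user,
        "auth_pwd": password,
        "json_data": json.dumps(ticket),
    }
    req = urllib.request.Request(
        base_url.rstrip("/") + "/webservices/rest.php",
        data=urllib.parse.urlencode(form).encode(),
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Wazuh custom-integration convention: argv[1] is the alert file path.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            alert = json.load(fh)
    else:
        alert = SAMPLE_ALERT
    print(json.dumps(build_ticket(alert), indent=2))
```

Run it with no arguments to see the payload built from the constructed alert; when deployed as a Wazuh integration it would receive the real alert file instead. Keeping alert-derived text out of the OQL selector is the design choice worth copying: the only place a query string is built uses a constant chosen by the operator.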