Analysis of Docker Container Implementation in SIEM Infrastructure
DOI: https://doi.org/10.30871/jaic.v9i3.9476
Keywords: Containerization, Wazuh, Docker, Virtualization, Analysis
Abstract
Configuring security information and event management (SIEM) infrastructure on conventional virtualization is known to provide the essential functions. However, when a problem occurs, such as a configuration error during the staging process or a failure of an application service, recovering from the error takes a considerable amount of time. This research aims to explore and analyze the implementation of container technology in SIEM infrastructure using the Wazuh platform. The analysis focuses on a Docker-based architecture running Wazuh's core components, the wazuh-indexer, wazuh-manager, and wazuh-dashboard, each in its own container. This approach is evaluated to see how containerization affects SIEM effectiveness and efficiency, particularly in resource utilization and fault recovery. Performance testing of the Docker container deployment shows lower memory and CPU usage than conventional virtualization. The results demonstrate that Docker not only improves resource efficiency but also improves system resilience, which directly affects SIEM operational functionality.
License
Copyright (c) 2025 Noper Ardi, Ahmadi Irmansyah Lubis, Ikhwan Ash Shafa Arrafi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).