Detection, 2023

Security Monitoring and IAM Compliance Automation

Engineered a centralized ELK platform that ingested logs from more than 13 distributed systems and automated detection and response triggers.

Improved visibility into indicators of compromise while automating cryptographic key and certificate lifecycle management with zero downtime.

Architecture Diagram

How the system fits together

This visual is meant to show the operating shape of the project at a glance: where input begins, where decisions happen, and what the system actually produces for the people who operate it.

Scope: Detection
Signals: 13+
Detection-engineering diagram showing centralized ELK ingestion, behavioral rules, automated response triggers, and certificate automation.

Snapshot

What matters most in this project

13+: Systems feeding shared visibility
Zero downtime: Certificate and key rotation goal
Compliance-aware: Operational control design

Challenge

The challenge was to increase visibility and response quality across distributed systems while keeping compliance-sensitive controls reliable and low-friction.

Result

The outcome was stronger operational visibility, cleaner response automation, and more dependable handling of compliance-driven identity and certificate workflows.

Approach

  • Centralized logs from 13-plus systems into a shared ELK platform to make suspicious behavior easier to correlate and investigate.
  • Built behavior-based detections and response triggers so alerts reflected suspicious activity instead of isolated signatures alone.
  • Automated certificate and key lifecycle management to reduce downtime risk and support PCI DSS and NIST expectations.

Architecture

  • Centralized logs into ELK to create a shared operational picture across distributed systems and security-sensitive workflows.
  • Layered behavior-based detections and response triggers on top of the data path so alerts reflected meaningful patterns, not isolated events.
  • Connected IAM and certificate lifecycle automation to the monitoring model so trust and visibility improved together.
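The behaviour-based detection and response-trigger layer described in the Approach and Architecture bullets, as an added example that is not the project's own code. It assumes the ELK ingestion pipeline has already normalised events from every system into one shape with the fields ts, host, source_ip, user and event; those field names, the rule thresholds and the sample events are constructed for illustration. The point it shows is the difference between a signature rule (every failed login is an alert) and a behavioural rule that correlates one source across several systems inside a time window.

```python
"""Behaviour-based detection and a response trigger over centralised log events.

Added example, not the project's own code. Assumes events have been normalised
by the ingestion pipeline into the fields ts, host, source_ip, user and event;
the field names, thresholds and sample events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _ev(ts, host, ip, user, event):
    return {"ts": ts, "host": host, "source_ip": ip, "user": user, "event": event}


# Constructed sample: three source IPs seen across two systems (a VPN gateway
# and a mail server). Only the first one shows spray-then-success behaviour.
SAMPLE_EVENTS = [
    # failures spread across two hosts, then a success: the pattern to catch
    _ev("2023-03-01T09:00:01", "vpn-gw", "203.0.113.7", "svc-backup", "auth_failure"),
    _ev("2023-03-01T09:00:05", "vpn-gw", "203.0.113.7", "svc-backup", "auth_failure"),
    _ev("2023-03-01T09:00:09", "mail", "203.0.113.7", "svc-backup", "auth_failure"),
    _ev("2023-03-01T09:00:14", "mail", "203.0.113.7", "svc-backup", "auth_failure"),
    _ev("2023-03-01T09:00:20", "vpn-gw", "203.0.113.7", "svc-backup", "auth_failure"),
    _ev("2023-03-01T09:00:27", "vpn-gw", "203.0.113.7", "svc-backup", "auth_success"),
    # one typo then success: ordinary user behaviour, should stay quiet
    _ev("2023-03-01T09:01:00", "vpn-gw", "198.51.100.9", "alice", "auth_failure"),
    _ev("2023-03-01T09:01:10", "vpn-gw", "198.51.100.9", "alice", "auth_success"),
    # failures spread over 90 minutes: never enough inside one window
    _ev("2023-03-01T08:00:00", "mail", "192.0.2.44", "bob", "auth_failure"),
    _ev("2023-03-01T08:00:10", "mail", "192.0.2.44", "bob", "auth_failure"),
    _ev("2023-03-01T08:00:20", "mail", "192.0.2.44", "bob", "auth_failure"),
    _ev("2023-03-01T09:30:00", "mail", "192.0.2.44", "bob", "auth_failure"),
    _ev("2023-03-01T09:30:10", "mail", "192.0.2.44", "bob", "auth_failure"),
    _ev("2023-03-01T09:31:00", "mail", "192.0.2.44", "bob", "auth_success"),
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def isolated_signature_alerts(events):
    """Signature-style rule: every single auth_failure becomes an alert (noisy)."""
    return [e for e in events if e["event"] == "auth_failure"]


def behavioral_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Behaviour-style rule: correlate per source IP across all hosts.

    Alert only when at least `threshold` failures from one source IP fall
    inside a sliding `window` and are then followed by a success from that IP.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=_ts):
        by_ip[e["source_ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        recent_failures = []
        for e in evs:
            now = _ts(e)
            if e["event"] == "auth_failure":
                recent_failures.append(e)
                # drop failures that have aged out of the window
                recent_failures = [f for f in recent_failures if now - _ts(f) <= window]
            elif e["event"] == "auth_success" and len(recent_failures) >= threshold:
                alerts.append({
                    "rule": "spray_then_success",
                    "source_ip": ip,
                    "user": e["user"],
                    "failures": len(recent_failures),
                    "hosts": sorted({f["host"] for f in recent_failures}),
                    "first_seen": recent_failures[0]["ts"],
                    "succeeded_at": e["ts"],
                })
                recent_failures = []
    return alerts


def response_for(alert):
    """Map a high-confidence alert to an automated containment action."""
    return {
        "action": "block_source_ip",
        "target": alert["source_ip"],
        "ticket": f"{alert['rule']}:{alert['source_ip']}:{alert['succeeded_at']}",
    }


if __name__ == "__main__":
    print(len(isolated_signature_alerts(SAMPLE_EVENTS)), "signature alerts")
    for a in behavioral_alerts(SAMPLE_EVENTS):
        print(a, "->", response_for(a))
```

On the constructed sample the signature rule raises eleven alerts and the behavioural rule raises one, for the source that sprayed two systems and then got in. Only that one alert reaches the response trigger, which is the "higher-confidence alerts" trade made in the Tradeoffs section.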

Impact

  • Developed behavior-based detections and automated response logic for higher-confidence alerts.
  • Aligned key rotation and certificate management with PCI DSS and NIST expectations.
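The zero-downtime rotation goal named in the Approach, Architecture and Impact bullets, as an added example that is not the project's own code. Downtime in certificate rotation comes from any instant at which no deployed certificate is valid, so the example plans each renewal a fixed lead time ahead of expiry, checks the resulting plan for coverage gaps before it is trusted, and keeps the old certificate serving as a fallback until the new one is live. The lifetimes, lead times and serial names are constructed; real values would come from the CA policy and the certificate inventory.

```python
"""Zero-downtime certificate rotation: overlap planning and a coverage check.

Added example, not the project's own code. Lifetimes, lead times and serial
names are constructed; a real plan would read them from CA policy and inventory.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

DAY = timedelta(days=1)
START = datetime(2023, 1, 1)  # constructed start of the planning horizon


@dataclass(frozen=True)
class Cert:
    serial: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, at):
        return self.not_before <= at < self.not_after


def plan_rotations(first_issued, lifetime, renew_before, horizon):
    """Issue each replacement `renew_before` ahead of the current expiry.

    With renew_before > 0 consecutive certificates overlap, which is what makes
    a rotation free of downtime; a zero or negative lead time removes the overlap.
    """
    certs, issued, n = [], first_issued, 1
    while issued < first_issued + horizon:
        certs.append(Cert(f"cert-{n}", issued, issued + lifetime))
        issued = issued + lifetime - renew_before  # renewal date of this cert
        n += 1
    return certs


def coverage_gaps(certs, start, end):
    """Return [(gap_start, gap_end), ...] inside [start, end) with no valid cert.

    Run this before trusting a plan: an empty list means every instant in the
    horizon is covered by at least one certificate.
    """
    gaps, covered_until = [], start
    for c in sorted(certs, key=lambda c: c.not_before):
        if c.not_before >= end:
            break
        if c.not_before > covered_until:
            gaps.append((covered_until, c.not_before))
        covered_until = max(covered_until, c.not_after)
    if covered_until < end:
        gaps.append((covered_until, end))
    return gaps


def active_cert(certs, at):
    """Serve the valid certificate that expires last.

    The previous certificate stays deployed until it expires, so a cutover that
    happens late still has a valid fallback and never drops traffic.
    """
    candidates = [c for c in certs if c.valid_at(at)]
    return max(candidates, key=lambda c: c.not_after) if candidates else None


if __name__ == "__main__":
    plan = plan_rotations(START, 90 * DAY, 30 * DAY, 365 * DAY)
    print("certificates planned:", [c.serial for c in plan])
    print("gaps in a 90-day lifetime / 30-day lead plan:",
          coverage_gaps(plan, START, START + 365 * DAY))
    bad = plan_rotations(START, 90 * DAY, -5 * DAY, 365 * DAY)
    print("gaps when renewing 5 days late:",
          coverage_gaps(bad, START, START + 365 * DAY))
    print("serving on day 70:", active_cert(plan, START + 70 * DAY).serial)
```

With a 90-day lifetime and a 30-day lead time the planner produces seven overlapping certificates for the year and the checker finds no gap; renewing five days after expiry instead produces a five-day outage after every certificate, which is exactly the condition the check is there to catch.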

Tradeoffs and Decisions

  • Focused on higher-confidence detections rather than maximizing alert count because analyst trust mattered more than volume.
  • Automated key and certificate workflows carefully to avoid downtime while still improving compliance posture.
  • Designed for maintainability so the system would remain useful after initial deployment and handoff.

Stack

Tools and technologies behind the work

ELK, IAM, SSL/TLS, PCI DSS, NIST, Automation