Log Analytics at Petabyte Scale: Correlating Security Events Across Hybrid Cloud (Azure Arc) using Azure Data Explorer (Kusto)

  • Use Case:

    Organizations operating in hybrid and multi-cloud environments struggle with detecting, correlating, and responding to security events in real time due to massive log volumes.

    A petabyte-scale log analytics system enables centralized visibility, rapid querying, and correlation of logs across Azure, on-premises, and third-party clouds to improve cybersecurity posture.

Objective

  • Build a scalable log analytics pipeline for hybrid cloud environments.

  • Correlate security-related events across Azure and non-Azure infrastructures.

  • Enable near real-time threat detection using Azure Data Explorer (Kusto) and advanced analytics.

  • Provide dashboards and automated alerts for SOC teams.

Project Description

  • This project develops a petabyte-scale log analytics framework for hybrid cloud environments, leveraging Azure Arc to integrate on-premises and multi-cloud resources into Azure’s security ecosystem.

    Logs from diverse sources (firewalls, VMs, IoT devices, applications, and Kubernetes clusters) are ingested through Azure Monitor, Event Hub, and Log Analytics Workspace.

    Azure Data Explorer (Kusto) is then used to store, query, and analyze these logs with low latency. Security event correlation is achieved through Kusto Query Language (KQL) queries that identify patterns across datasets (e.g., detecting coordinated attacks, suspicious logins, or lateral movement).

    The framework supports real-time alerting via Azure Sentinel (SIEM), with dashboards for SOC analysts. The system ensures compliance, scalability, and resilience, while minimizing the need for raw log replication by federating queries across hybrid resources.
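The two ideas in the description above, KQL-based correlation of security events and querying hybrid sources without replicating raw logs, can be shown together in a single detection query. The query below is an added example written for this page; it is not code from the original project. It follows the SecurityEvent table schema used by Log Analytics and Microsoft Sentinel (Arc-connected Windows servers and Azure VMs both land in that table), and it pairs a burst of failed sign-ins from one source address with a later successful sign-in for the same account. The workspace name, the 24-hour lookback, the failure threshold and the 15-minute window are placeholders and assumed tuning values, not values from the page.

```kql
// Added example (not from the original page). Assumptions: SecurityEvent schema
// (TimeGenerated, EventID, Account, IpAddress, Computer, LogonType, _ResourceId),
// a second workspace named "PLACEHOLDER-onprem-workspace" reached via workspace(),
// and the threshold/window values below, which are tuning choices.
let lookback = 24h;
let failure_threshold = 10;   // failed logons per (account, source IP) before we care
let window = 15m;             // how soon after the burst a success counts as related
// Federate: union the local workspace with a second (e.g. on-premises) workspace
// instead of copying its logs. Tag each row with its origin for the analyst.
let all_events =
    union
        (SecurityEvent
         | extend Origin = "local-workspace"),
        (workspace("PLACEHOLDER-onprem-workspace").SecurityEvent
         | extend Origin = "onprem-workspace")
    | where TimeGenerated > ago(lookback)
    // Arc-enabled servers carry a HybridCompute resource ID; Azure VMs do not.
    | extend HostKind = iff(_ResourceId has "Microsoft.HybridCompute", "Arc-connected", "Azure VM");
// Step 1: bursts of failed logons (Event ID 4625) per account and source IP.
let failures =
    all_events
    | where EventID == 4625
    | summarize FailedCount  = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure  = max(TimeGenerated)
              by Account, IpAddress
    | where FailedCount >= failure_threshold;
// Step 2: successful network or RDP logons (Event ID 4624, logon types 3 and 10).
let successes =
    all_events
    | where EventID == 4624
    | where LogonType in (3, 10)
    | project SuccessTime = TimeGenerated, Account, IpAddress,
              SuccessHost = Computer, HostKind, Origin;
// Step 3: correlate. A success from the same IP for the same account shortly after
// the burst is the pattern worth alerting on; one row per correlated pair.
failures
| join kind=inner successes on Account, IpAddress
| where SuccessTime between (LastFailure .. (LastFailure + window))
| project Account, IpAddress, SuccessHost, HostKind, Origin,
          FailedCount, FirstFailure, LastFailure, SuccessTime
| order by FailedCount desc
```

Saved as a scheduled analytics rule in Sentinel, this query produces one incident per (account, source IP) pair rather than one per failed logon, which keeps alert volume manageable at high log rates. The `union` over `workspace()` is what avoids replication: the on-premises workspace is queried in place and only the matched rows travel to the SOC dashboard. If the same tables are mirrored into Azure Data Explorer, the same KQL runs there with `cluster("...").database("...")` substituted for `workspace("...")`.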
  • Azure Services Used:

    Azure Arc: Extends Azure management and security capabilities to on-premises, hybrid, and multi-cloud resources.

    Azure Data Explorer (ADX): Core log analytics engine; processes and queries petabyte-scale log/security event data using Kusto Query Language (KQL).

    Azure Monitor: Collects metrics, telemetry, and logs from distributed infrastructure and applications.

    Azure Event Hub: Provides scalable event ingestion for real-time security event streaming across hybrid environments.

    Log Analytics Workspace: Centralized storage for ingested logs, serving as the foundation for advanced analytics.

    Microsoft Sentinel: Cloud-native SIEM tool for security monitoring, correlation, automated detection, and response.

    Azure Functions: Serverless functions to automate event-driven actions (alerts, remediation, log enrichment).

    Azure Machine Learning: Trains ML models for anomaly detection, threat prediction, and intelligent event correlation.

    Power BI: Creates interactive dashboards for visualization of correlated security events and analytics.