The Operational Role of Security Information and Event Management Systems

@article{Bhatt2014TheOR,
  title={The Operational Role of Security Information and Event Management Systems},
  author={Sandeep N. Bhatt and Pratyusa K. Manadhata and Loai Zomlot},
  journal={IEEE Security \& Privacy},
  year={2014},
  volume={12},
  pages={35-41}
}
An integral part of an enterprise computer security incident response team (CSIRT), the security operations center (SOC) is a centralized unit tasked with real-time monitoring and identification of security incidents. Security information and event management (SIEM) systems are an important tool used in SOCs; they collect security events from many diverse sources in enterprise networks, normalize the events to a common format, store the normalized events for forensic analysis, and correlate the… 
Challenges and Directions in Security Information and Event Management (SIEM)
TLDR
The challenges of handling massive volumes of highly unstructured text logs, ongoing work on integrating an open source SIEM, and directions for modeling system behavioral baselines to infer compromise indicators are presented.
A Security Information and Event Management Pattern
TLDR
A generic SIEM pattern is derived by analyzing tools already on the market, together with additional information, following a bottom-up process for pattern identification and authoring.
A SURVEY ON LOG CORELATION IN SECURITY INFORMATION AND EVENT MANAGEMENT WITH HADOOP
TLDR
This article contains some information and surveys of different papers regarding the security information and management system and log analysis and log correlation, and a good open source SIEM system with a high capacity processing framework like Hadoop.
Security operation center implementation on OpenStack
TLDR
The main goal of this paper is to receive and analyze events from an OpenStack environment and to develop new correlation rules and response scenarios for these alerts.
Secured Access Control in Security Information and Event Management Systems
TLDR
By applying the proposed method, it is possible to provide a secured and integrated access control module for SIEM, and the security of the access control module in these systems increases significantly.
WASPP: Workflow Automation for Security Policy Procedures
Every day, university networks are bombarded with attempts to steal the sensitive data of the various disparate domains and organizations they serve. For this reason, universities form teams of
Security Information and Event Management Model Based on Defense-in-Depth Strategy for Vital Digital Assets in Nuclear Facilities
TLDR
DID-SIEM, a security information and event management model based on a defense-in-depth strategy, is proposed; it incorporates the design requirements needed to meet both the cyber security guidelines and the operational constraints of nuclear facilities.
Dimensional data model for early alerts of malicious activities in a CSIRT
TLDR
An online analytical processing system for early alerts of upcoming malicious activities is presented and the functionality of the application is demonstrated, making it possible to visualize with certainty both the early warnings and the security level of the participating institutions with respect to the registered threats and vulnerabilities.
Syslog Daemon for Security Event Monitoring using UDP Protocol
  • C. Roja, P. Jayanthi
  • Computer Science
    2019 3rd International conference on Electronics, Communication and Aerospace Technology (ICECA)
  • 2019
TLDR
The server, developed using the User Datagram Protocol (UDP), works like a daemon that monitors the security alerts indicating different events arising from the system itself and stores them in the database.
