Increasing the level of automation of data collection processes on identified events and incidents of information security
Abstract
Incoming article date: 10.09.2021

The relevance of the study stems from the need to raise the level of automation of data collection when using the services of security operations centers (SOCs) and security information and event management (SIEM) systems. The article compares the most popular SIEM systems and the options they offer for connecting to various sources of data on identified information security events and incidents. Its aim is to identify a method (or methods) for collecting data on information security events and incidents automatically, through console (command-line) input/output interfaces. The requirements for an automatic process of collecting data on identified information security events and incidents are defined. The available mathematical apparatus for evaluating the effectiveness of the proposed solution is reviewed. An algorithm is presented that allows the proposed solution to be implemented in software. The material is of practical value to specialists and developers working in information security, and of theoretical value to researchers working both in information security and in information technology more generally.
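As an added illustration of the collection pattern the abstract describes (pull event data through a console I/O interface, normalize it, store it in a database for a SIEM), the following Python script is example code written for this page, not the article's own algorithm or software. The sshd-style log format, the regular expressions, the SQLite schema and the sample lines are all assumptions constructed for the illustration; the "console source" is a stand-in subprocess that only emits the constructed lines so the script runs offline.

```python
"""Added example (not from the article): automated collection of security
events from a console I/O interface into a database.
The command, log format and schema are assumptions made for this page."""
import re
import sqlite3
import subprocess
import sys
from typing import Dict, List, Optional

# Constructed sample lines in an sshd-like syslog format (not real log data).
SAMPLE_LINES = [
    "Sep 10 12:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2",
    "Sep 10 12:00:03 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4423 ssh2",
    "Sep 10 12:00:09 host1 sshd[1207]: Accepted publickey for deploy from 198.51.100.7 port 5100 ssh2",
    "Sep 10 12:00:11 host1 sshd[1208]: Connection closed by 203.0.113.5 port 4423",
]

# Syslog-style envelope: timestamp, host, process[pid]: message (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
# Classifiers turn the free-text message into an event type plus fields.
CLASSIFIERS = [
    ("auth_failure", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")),
    ("auth_success", re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+)")),
]


def run_console_source(cmd: List[str]) -> List[str]:
    """Run a console command and return its non-empty stdout lines (the console I/O interface)."""
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return [ln for ln in proc.stdout.splitlines() if ln.strip()]


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Normalize one raw line into an event record; None for lines that are not classified."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for event_type, rx in CLASSIFIERS:
        em = rx.search(m["msg"])
        if em:
            return {"ts": m["ts"], "host": m["host"], "source": m["proc"],
                    "event_type": event_type, "user": em["user"], "src_ip": em["ip"], "raw": line}
    return None


def new_store() -> sqlite3.Connection:
    """Open an in-memory event store with the (assumed) schema; UNIQUE(host, raw) deduplicates re-collection."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE IF NOT EXISTS events (
               id INTEGER PRIMARY KEY,
               ts TEXT NOT NULL, host TEXT NOT NULL, source TEXT NOT NULL,
               event_type TEXT NOT NULL, user TEXT, src_ip TEXT, raw TEXT NOT NULL,
               UNIQUE(host, raw))"""
    )
    return conn


def collect(cmd: List[str], conn: sqlite3.Connection) -> int:
    """One collection cycle: pull lines from the console source, parse, store. Returns rows newly inserted."""
    before = conn.total_changes
    for line in run_console_source(cmd):
        ev = parse_event(line)
        if ev is None:
            continue  # unclassified lines are skipped, not stored
        conn.execute(
            "INSERT OR IGNORE INTO events (ts, host, source, event_type, user, src_ip, raw) "
            "VALUES (:ts, :host, :source, :event_type, :user, :src_ip, :raw)", ev)
    conn.commit()
    return conn.total_changes - before


def failures_by_ip(conn: sqlite3.Connection, threshold: int = 2) -> Dict[str, int]:
    """Simple downstream query a SIEM rule might run: source IPs with >= threshold auth failures."""
    rows = conn.execute(
        "SELECT src_ip, COUNT(*) FROM events WHERE event_type = 'auth_failure' "
        "GROUP BY src_ip HAVING COUNT(*) >= ?", (threshold,)).fetchall()
    return dict(rows)


def demo_command() -> List[str]:
    """Offline stand-in for a real console tool: a subprocess that prints the constructed sample lines."""
    text = "\n".join(SAMPLE_LINES) + "\n"
    return [sys.executable, "-c", "import sys; sys.stdout.write(" + repr(text) + ")"]


if __name__ == "__main__":
    store = new_store()
    print("inserted:", collect(demo_command(), store))   # 3 events; the 'Connection closed' line is skipped
    print("re-run inserted:", collect(demo_command(), store))  # 0: duplicates ignored
    print("auth failures by IP:", failures_by_ip(store))
```

In a real deployment the `demo_command()` list would be replaced by the actual console tool (for example a log reader or a vendor CLI), and the SQLite store by the SIEM's own ingestion interface; the parse-then-deduplicate-then-store structure is what makes repeated automatic collection safe to run on a schedule.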
Keywords: database, data collection, information security event, information security incident, information security, information security center, SIEM system, automated control system, automation, database interface