Gaynov Arthur Evgenevich (Kuban Institute of Information Protection, Krasnodar)
Zavodtsev Ilya Valentinovich (Candidate of Technical Sciences, Associate Professor, Kuban Institute of Information Protection, Krasnodar)
This paper proposes a technique for forming a significant set of correlation rules for SIEM systems. The technique makes it possible to identify and eliminate conflicts that arise while correlation rules are being formed when complementary, parallel or interrelated relations between different security events are set simultaneously. Overall, it reduces the number of information security incidents that go undetected by other methods.
Keywords: information security incident, SIEM system, log file.
Citation: Gaynov A. E., Zavodtsev I. V. Methodology for forming a significant set of the rules of correlation to identify distributed events of information security // Современная наука: актуальные проблемы теории и практики. Серия: Естественные и Технические Науки. 2017. No. 05. pp. 53-61.