Authors: Gustavo Gonzalez-Granadillo; Susana Gonzalez-Zarzosa; Mario Faiella
Affiliation: Atos Research and Innovation, Cyber Security Department, Spain
Keyword(s): XL-SIEM, SIEM Enhancements, Security Data Analytic Platforms, SIEM Analysis.
Subjects/Areas/Topics: Data and Application Security and Privacy; Information and Systems Security; Insider Threats and Countermeasures; Intrusion Detection & Prevention; Network Security; Security in Information Systems; Security Information Systems Architecture and Design and Security Patterns; Security Management; Wireless Network Security
Abstract:
We present in this paper a Cross-Layer Security Information and Event Management tool (hereinafter denoted as XL-SIEM), an enhanced security data analytics platform with an added high-performance correlation engine able to raise alarms from a business perspective by considering events collected at different layers. The platform is composed of a set of distributed agents, responsible for event collection, normalization and transfer of data; an engine, responsible for filtering, aggregating and correlating the events collected by the agents, as well as for generating alarms; a database, responsible for data storage; and a dashboard, responsible for data visualization in the web graphical interface. The proposed platform has been deployed on top of the open-source SIEM OSSIM (AlienVault), providing enhanced features compared to current open-source solutions, in particular those associated with data sources, the correlation engine, visualization, and reaction capabilities. A testbed implementation is described to show the integration and applicability of the tool over a security infrastructure.