Security information and event manager with ticketing system

Bibliographic Details
Main Authors: Galinato, Joseph G., Mantua, Jonathan C., Tan, Lee Mikhael B., Valencia, Jan Marvin P.
Format: text
Language: English
Published: Animo Repository 2012
Online Access: https://animorepository.dlsu.edu.ph/etd_bachelors/14793
Institution: De La Salle University
Description
Summary: With today’s need for increased security, more and more security devices are being integrated into enterprise networks. This makes reviewing logs from the different devices in the network a tedious task, especially when signature-based detection might pick up a lot of false positives. This task is made easier by using a Security Information and Event Manager (SIEM). SIEMs can also help organizations with their regulatory compliance reports and internal auditing. A SIEM parses, correlates, alerts on and stores reports, which are analyzed by its correlation engine so that only the report or set of reports that needs attention is presented to the analyst in a central interface. The main aim of this project is to develop a SIEM to address the problems of centralization of security management, regulatory compliance reports, and network security auditing. The project will be composed of four main components: the parser, the data storage, the correlation engine and the user interface. A further motivation for the proponents to develop a SIEM is the lack of accessibility of SIEMs to the general public due to the high price tag associated with them.