CASPIAN JOURNAL

MANAGEMENT AND HIGH TECHNOLOGIES

DEVELOPMENT OF METHODS FOR DETECTING MALICIOUS IMPACT BASED ON CORRELATION ANALYSIS OF INFORMATION SECURITY EVENTS IN SIEM SYSTEMS

Shishkov Sergey A., Putyato Michael M., Makaryan Alexander S., Nemchinova Valeriya O. DEVELOPMENT OF METHODS FOR DETECTING MALICIOUS IMPACT BASED ON CORRELATION ANALYSIS OF INFORMATION SECURITY EVENTS IN SIEM SYSTEMS // Caspian journal: management and high technologies. 2022. No. 3. Pp. 103-111.

Shishkov Sergey A. - Kuban State Technological University

Putyato Michael M. - Kuban State Technological University

Makaryan Alexander S. - Kuban State Technological University

Nemchinova Valeriya O. - Kuban State Technological University

As information technologies have developed, information processing has become the main problem in ensuring protection, since the number of sources of up-to-date data on the current state of security is continuously increasing. SIEM systems can solve this problem. SIEM combines the SEM (Security Event Management) and SIM (Security Information Management) classes of solutions. SEM solutions implement real-time monitoring of security events; SIM systems provide long-term storage and analysis of data from the organization's various infrastructure objects. SIEM solutions perform both of these tasks. With the help of SIEM, information security specialists can identify cyberattacks and security policy violations at an early stage and minimize the damage from them. SIEM solutions also help to assess the security of information systems and the risks relevant to the enterprise. The article presents an analysis of existing information security solutions in the field of SIEM systems. Event sources for correlation systems are described, the tasks that SIEM must solve are indicated, and the logic and structure of SIEM are analyzed. Popular correlation methods are reviewed, and the use of such a system as an information security tool is described. The article presents the procedure for developing a correlation rule, using the MaxPatrol SIEM system as an example.

Key words: SIEM system, IS event, IS incident, information security, IS vulnerability, IS threat
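The abstract describes correlation rules that turn a stream of individual security events into an incident. The following is an added illustration of that idea, not code from the article and not MaxPatrol SIEM's own rule language: a minimal correlation rule written in plain Python that parses constructed log lines (the `host=... src=... user=... event=...` format, the event names `auth_fail`/`auth_success`, and the sample data are all assumptions made for this example) and raises an incident when a source/user pair accumulates a threshold of failed authentications inside a sliding time window and then succeeds.

```python
"""Hypothetical SIEM-style event correlation (added example, not the article's or MaxPatrol's code)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample log lines in a simplified syslog-like key=value layout (not real data).
SAMPLE_LOGS = """\
2022-03-01T10:00:01 host=srv1 src=10.0.0.5 user=alice event=auth_fail
2022-03-01T10:00:03 host=srv1 src=10.0.0.5 user=alice event=auth_fail
2022-03-01T10:00:04 host=srv1 src=10.0.0.5 user=alice event=auth_fail
2022-03-01T10:00:06 host=srv1 src=10.0.0.5 user=alice event=auth_fail
2022-03-01T10:00:09 host=srv1 src=10.0.0.5 user=alice event=auth_success
2022-03-01T10:05:00 host=srv2 src=10.0.0.7 user=bob event=auth_fail
2022-03-01T10:20:00 host=srv2 src=10.0.0.7 user=bob event=auth_success
"""

# Assumed line format for the constructed sample; a real SIEM normalizes many source formats.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$"
)


@dataclass(frozen=True)
class Event:
    """One normalized IS event as it would arrive from a log source."""
    ts: datetime
    host: str
    src: str
    user: str
    event: str


def parse_events(text):
    """Normalize raw log lines into Event objects (SIM-side collection step)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            # A production collector would count and flag unparsable lines rather than drop them.
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["host"], m["src"], m["user"], m["event"]))
    return events


@dataclass
class Incident:
    """Output of the correlation rule: a multi-event pattern worth analyst attention."""
    src: str
    user: str
    failures: int
    first_ts: datetime
    success_ts: datetime


def correlate_bruteforce(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: at least `threshold` auth_fail events from the same (src, user)
    within `window`, followed by an auth_success for that pair, produce one Incident.
    Events are processed in time order; failures older than the window are expired."""
    history = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    incidents = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.user)
        fails = history[key]
        while fails and ev.ts - fails[0] > window:  # slide the window forward
            fails.popleft()
        if ev.event == "auth_fail":
            fails.append(ev.ts)
        elif ev.event == "auth_success":
            if len(fails) >= threshold:
                incidents.append(Incident(ev.src, ev.user, len(fails), fails[0], ev.ts))
            fails.clear()  # a success ends the attempt sequence whether or not it fired
    return incidents


if __name__ == "__main__":
    for inc in correlate_bruteforce(parse_events(SAMPLE_LOGS)):
        print(f"INCIDENT src={inc.src} user={inc.user} failures={inc.failures} "
              f"from {inc.first_ts.isoformat()} to {inc.success_ts.isoformat()}")
```

Run on the constructed sample, the rule fires once for `10.0.0.5`/`alice` (four failures in nine seconds, then a success) and stays silent for `bob`, whose single failure falls outside the window by the time the later success arrives. The two tunables, `threshold` and `window`, are exactly what an analyst adjusts when writing a rule in a real SIEM to balance false positives against missed sequences.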