<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vdgtu</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Дагестанского государственного технического университета. Технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of Dagestan State Technical University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2073-6185</issn><issn pub-type="epub">2542-095X</issn><publisher><publisher-name>Daghestan State Technical University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21822/2073-6185-2024-51-1-173-179</article-id><article-id custom-type="elpub" pub-id-type="custom">vdgtu-1467</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS</subject></subj-group></article-categories><title-group><article-title>Принципы сбора данных для построения защищенной инфраструктуры предприятия на базе SIEM систем</article-title><trans-title-group xml:lang="en"><trans-title>Principles of data collection for building a secure enterprise infrastructure based on SIEM systems</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Попов</surname><given-names>А. Д.</given-names></name><name name-style="western" xml:lang="en"><surname>Popov</surname><given-names>A. D.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Попов Антон Дмитриевич, кандидат технических наук, доцент кафедры автоматизированных информационных систем органов внутренних дел</p><p> 394065, г. Воронеж, пр. Патриотов, 53, Россия </p></bio><bio xml:lang="en"><p>Anton D. Popov, Cand. Sci. (Eng.), Assoc. Prof., Department of automated information systems of internal organs </p><p>53 Patriotov Ave., Voronezh 394065, Russia </p></bio><email xlink:type="simple">anton.holmes@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Никитенко</surname><given-names>А. Н.</given-names></name><name name-style="western" xml:lang="en"><surname>Nikitenko</surname><given-names>A. N.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Никитенко Анастасия Николаевна, слушатель, радиотехнический факультет</p><p> 394065, г. Воронеж, пр. Патриотов, 53, Россия </p></bio><bio xml:lang="en"><p>Anastasia N. Nikitenko, Student of the Radio Engineering faculty</p><p>53 Patriotov Ave., Voronezh 394065, Russia </p></bio><email xlink:type="simple">nastena.yefimova0001@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Воронежский институт МВД России</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Voronezh Institute of the Ministry of Internal Affairs of Russia</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2024</year></pub-date><pub-date pub-type="epub"><day>18</day><month>04</month><year>2024</year></pub-date><volume>51</volume><issue>1</issue><fpage>173</fpage><lpage>179</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Попов А.Д., Никитенко А.Н., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Попов А.Д., Никитенко А.Н.</copyright-holder><copyright-holder xml:lang="en">Popov A.D., Nikitenko A.N.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.dgtu.ru/jour/article/view/1467">https://vestnik.dgtu.ru/jour/article/view/1467</self-uri><abstract><sec><title>Цель</title><p>Цель. Целью статьи является представление основных возможностей и преимуществ внедрения и использования SIEM-систем.</p></sec><sec><title>Метод</title><p>Метод. Для реализации поставленной цели использован метод системного анализа.</p></sec><sec><title>Результат</title><p>Результат. Описаны основные системы класса SIEM, перечислены их основные возможности, преимущества и недостатки, а также рассмотрены различные варианты построения таких систем и принципы сбора данных.</p></sec><sec><title>Вывод</title><p>Вывод. Изучение функционирования SIEM-систем позволяет оценить возможность их использования в построении систем безопасности различных масштабов и архитектур. Для максимального использования возможностей SIEM-систем необходимо провести её адаптацию и настройку под конкретные требования информационной безопасности. Перспективой дальнейших исследований будет применение гибридных подходов, основанных на промежуточных хранилищах с использованием потоковой передачи данных.</p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Objective</title><p>Objective. The purpose of the article is to present the main capabilities and advantages of implementing and using SIEM systems.</p></sec><sec><title>Method</title><p>Method. System analysis method was used.</p></sec><sec><title>Result</title><p>Result. The main systems of the SIEM class are described, their main capabilities, advantages and disadvantages are listed, and various options for constructing such systems and principles of data collection are considered.</p></sec><sec><title>Conclusion</title><p>Conclusion. Studying the functioning of systems of this type allows us to assess the possibility of their use in the construction of security systems of various scales and architectures. To make maximum use of the capabilities of SIEM systems, it is necessary to adapt and configure it to specific information security requirements. The prospect for further research will be the use of hybrid approaches based on intermediate storage using data streaming.</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>SIEM система</kwd><kwd>сбор данных</kwd><kwd>хранение данных</kwd><kwd>интеграция</kwd><kwd>информационная безопасность</kwd></kwd-group><kwd-group xml:lang="en"><kwd>SIEM system</kwd><kwd>data collection</kwd><kwd>data storage</kwd><kwd>integration</kwd><kwd>information security</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">David R. Miller, Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask Security Information and Event Management (SIEM) Implementation. - McGraw Hill Professional, 2010. - 496 с.</mixed-citation><mixed-citation xml:lang="en">David R. Miller, Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask Security Information and Event Management (SIEM) Implementation. McGraw Hill Professional, 2010: 496.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Mark Talabis, Robert Mcpherson, I. Miyamoto, and Jason Martin Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data. - Syngress, 2014. - 182 с.</mixed-citation><mixed-citation xml:lang="en">Mark Talabis, Robert McPherson, I. Miyamoto, and Jason Martin Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data. Syngress, 2014: 182.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Jay Jacobs, Bob Rudis Data-Driven Security Analysis, Visualization and Dashboards. Wiley, 2014. - 352 с.</mixed-citation><mixed-citation xml:lang="en">Jay Jacobs, Bob Rudis Data-Driven Security Analysis, Visualization and Dashboards. Wiley, 2014: 352.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">SIEM Architecture: Technology, Process and Data // exabeam URL: https://www.exabeam.com/ (дата обращения: 06.10.2023).</mixed-citation><mixed-citation xml:lang="en">SIEM Architecture: Technology, Process and Data // exabeam URL: https://www.exabeam.com/ (access date: 10/06/2023).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Different types of logs in SIEM and their log formats // ManageEngine Log360 URL: https://www.manageengine.com/ (дата обращения: 06.10.2023).</mixed-citation><mixed-citation xml:lang="en">Different types of logs in SIEM and their log formats. ManageEngine Log360 URL: https://www.manageengine.com/ (access date: 10/06/2023).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Ворона В. А., Тихонов В. А. Комплексные (интегрированные) системы обеспечения безопасности. - Москва: Горячая линия-Телеком, 2013. - 160 с.</mixed-citation><mixed-citation xml:lang="en">V. A. Vorona, V. A. Tikhonov. Complex (integrated) security systems. Moscow: Hotline-Telecom, 2013: 160. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Оценка относительного ущерба безопасности информационной системы: монография / Дубинин Е.А., Тебуева Ф.Б., Копытов В.В. - Москва: РИОР, 2013. - 288 c.</mixed-citation><mixed-citation xml:lang="en">Assessing the relative damage to the security of an information system: monograph / Dubinin E.A., Tebueva F.B., Kopytov V.V. Moscow: RIOR, 2013: 288. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Защита информации. Компьютерная безопасность: монография / Дубинин Е.А., Тебуева Ф.Б., Копытов В.В. - Москва: РИОР, 2022. - 192 c.</mixed-citation><mixed-citation xml:lang="en">Information protection. Computer security: monograph / Dubinin E.A., Tebueva F.B., Kopytov V.V. Moscow: RIOR, 2022: 192 (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Evan Wheeler Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. - 1 изд. - Kindle, 2011. - 582 с.</mixed-citation><mixed-citation xml:lang="en">Evan Wheeler Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. - 1st ed. - Kindle, 2011: 582.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Королев И. Д., Попов В.И., Ларионов В.А. Анализ проблематики системы управления информацией и событиями безопасности в информационных системах // Инновации в науке. - 2018. - №12. - С. 19-25.</mixed-citation><mixed-citation xml:lang="en">Korolev I. D., Popov V. I., Larionov V. A. Analysis of the problems of information management systems and security events in information systems. Innovations in Science. 2018;12: 19-25. (In Russ)</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
