Principles of data collection for building a secure enterprise infrastructure based on SIEM systems
https://doi.org/10.21822/2073-6185-2024-51-1-173-179
Abstract
Objective. The purpose of the article is to present the main capabilities and advantages of implementing and using SIEM systems.
Method. The system analysis method was used.
Result. The main systems of the SIEM class are described, their main capabilities, advantages and disadvantages are listed, and various options for constructing such systems and principles of data collection are considered.
Conclusion. Studying the functioning of systems of this type allows us to assess the possibility of their use in the construction of security systems of various scales and architectures. To make maximum use of the capabilities of SIEM systems, they must be adapted and configured to the specific information security requirements of the organization. A prospect for further research is the use of hybrid approaches based on intermediate storage using data streaming.
About the Authors
A. D. Popov
Russian Federation
Anton D. Popov, Cand. Sci. (Eng.), Assoc. Prof., Department of Automated Information Systems of Internal Affairs Bodies
53 Patriotov Ave., Voronezh 394065, Russia
A. N. Nikitenko
Russian Federation
Anastasia N. Nikitenko, Student of the Radio Engineering faculty
53 Patriotov Ave., Voronezh 394065, Russia
For citation:
Popov A.D., Nikitenko A.N. Principles of data collection for building a secure enterprise infrastructure based on SIEM systems. Herald of Dagestan State Technical University. Technical Sciences. 2024;51(1):173-179. (In Russ.) https://doi.org/10.21822/2073-6185-2024-51-1-173-179