Evaluation of Security Information and Event Management Systems for Custom Security Visualization Generation
Date: 2018-12-04
Authors: Sonmez, Ferda Ozdemir; Günel Kılıç, Banu
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Security Information and Event Management (SIEM) systems are generally very complex systems that encapsulate a large number of functions with different behaviors. Visualization is a common way of presenting data in these systems, alongside other presentation methods such as reporting, alerting and text messaging. However, generating a visualization involves several steps. If the data is in a custom format, rather than a predefined format that follows either a standard or a known file structure, generating custom visualizations may not be straightforward. Evaluation information on the custom visualization generation capabilities of these tools can support better decision making. This information can be used both when designing visualizations in SIEM systems and when selecting the most useful SIEM system to purchase for an organization. In this study, six well-known SIEM systems are evaluated through a common scenario created by the authors to check their custom visualization generation capabilities. The contributions include this unique scenario, the advantages and disadvantages observed at the various steps of the scenario, and the difficulties the authors experienced during the installation and configuration of these SIEM systems.
Subject Keywords: Security Information And Event Management, SIEM, Visualization, Splunk, Alienvault, Event Log Analyzer, Gartner, Arcsight, Rapid7
URI: https://hdl.handle.net/11511/55643
Collections: Graduate School of Informatics, Conference / Seminar