Development of the System for Automated Incident Management Based on Open-Source Software

Authors: R. Gibadullin, V. V. Nikonorov
Venue: 2021 International Russian Automation Conference (RusAutoCon)
Published: 2021-09-05
DOI: 10.1109/RusAutoCon52004.2021.9537385 (https://doi.org/10.1109/RusAutoCon52004.2021.9537385)
Citation count: 11 (Semantic Scholar)

Abstract

This article addresses the development of a system for automated incident management based on open-source software. The idea behind the research is to automate the information security incident management process, including reducing incident processing and response times. Solutions of the Security Orchestration, Automation, and Response (SOAR) class were analyzed. Based on this analysis, the system for automated incident management was developed. For the system to work without interruptions, a fault-tolerant operation scheme was designed. The system also implements centralized management with a distributed, federated architecture. This research confirmed that SOAR solutions can reduce incident response times, reduce the number of specialists needed in the incident management process, and automate this process.