Security event merging processing method and device, electronic equipment and storage medium

A security event merging and processing technology, applied to security event merging and processing methods, devices, electronic equipment and storage media. It addresses problems such as the limited energy of security operators, security events that are not dealt with quickly, and the resulting losses, and achieves the effects of guaranteeing effectiveness and improving efficiency.

Pending Publication Date: 2020-12-04
BEIJING TOPSEC NETWORK SECURITY TECH +2

AI Technical Summary

Problems solved by technology

These alerts are often caused by the accumulation of false positives from excessive event detections, resulting in a higher number of security incidents per day.
However, in reality, due to the limi


Example Embodiment

[0027] In order to more clearly understand the above objects, features and advantages of the present disclosure, the solutions of the present disclosure will be further described below. It should be noted that, in the case of no conflict, the embodiments of the present disclosure and the features in the embodiments can be combined with each other.

[0028] In the following description, many specific details are set forth in order to fully understand the present disclosure, but the present disclosure can also be implemented in ways other than those described here. Obviously, the embodiments in the description are only some of the embodiments of the present disclosure, not all of them.

[0029] Figure 1 is a flow chart of a method for merging and processing security events provided by an embodiment of the present disclosure. The method includes the following steps:

[0030] S110. Acquire security event data, where the security event data includes an attacking IP, an attacke...


Abstract

The invention relates to a security event merging processing method and device, electronic equipment and a storage medium. The method comprises the steps of: obtaining security event data, which includes an attack IP, an attacked IP and an event type; constructing an attack relation graph by taking the attack IP and the attacked IP as nodes; determining all connected sub-graphs included in the attack relation graph; determining the priority of each connected sub-graph, wherein the more important a connected sub-graph is, the higher its priority; and outputting the security event data corresponding to each connected sub-graph based on the priority of each connected sub-graph. The essence of the technical scheme of the embodiment of the invention is that the events of greatest concern are extracted from massive security events and aggregated, and the aggregated events are then subjected to enhanced analysis and priority ranking, so that security operators can handle multiple related events together and can deal first with the events that currently pose the greater threat.
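The steps in the abstract, as an added example that is not code from the patent: events are merged into connected sub-graphs with union-find and the groups are output in priority order. The field names, the sample events and the priority rule (critical assets attacked, then distinct event types, then event count) are assumptions; the page only states that more important sub-graphs get higher priority.

```python
from collections import defaultdict

# Constructed sample events (not from the patent): attack IP, attacked IP, event type.
EVENTS = [
    {"src": "203.0.113.5", "dst": "10.0.0.10", "type": "sql_injection"},
    {"src": "203.0.113.5", "dst": "10.0.0.11", "type": "port_scan"},
    {"src": "10.0.0.11", "dst": "10.0.0.10", "type": "brute_force"},
    {"src": "198.51.100.7", "dst": "10.0.0.20", "type": "port_scan"},
    {"src": "198.51.100.7", "dst": "10.0.0.21", "type": "port_scan"},
    {"src": "198.51.100.7", "dst": "10.0.0.22", "type": "port_scan"},
    {"src": "192.0.2.9", "dst": "10.0.0.30", "type": "web_shell"},
]
CRITICAL_ASSETS = {"10.0.0.10"}  # assumed asset inventory


def merge_events(events, critical_assets=frozenset()):
    """Group events by connected sub-graph of the attack relation graph."""
    parent = {}

    def find(ip):
        parent.setdefault(ip, ip)
        while parent[ip] != ip:
            parent[ip] = parent[parent[ip]]  # path halving
            ip = parent[ip]
        return ip

    # Each event is an edge between the attack IP node and the attacked IP node.
    for e in events:
        root_src, root_dst = find(e["src"]), find(e["dst"])
        if root_src != root_dst:
            parent[root_dst] = root_src

    groups = defaultdict(list)
    for e in events:
        groups[find(e["src"])].append(e)

    merged = []
    for evs in groups.values():
        merged.append({
            "nodes": sorted({ip for e in evs for ip in (e["src"], e["dst"])}),
            "types": sorted({e["type"] for e in evs}),
            "critical_hits": len({e["dst"] for e in evs} & set(critical_assets)),
            "events": evs,
        })
    # Assumed importance ordering; the patent text on this page does not define it.
    merged.sort(key=lambda g: (g["critical_hits"], len(g["types"]), len(g["events"])),
                reverse=True)
    return merged
```

Calling `merge_events(EVENTS, CRITICAL_ASSETS)` turns seven alerts into three groups, with the group that reaches the critical asset first.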

Description

Technical field

[0001] The present disclosure relates to the technical field of network security, and in particular to a method, device, electronic equipment and storage medium for merging and processing security events.

Background technique

[0002] Security operations personnel are faced with a large number of attack event alarm information that needs to be processed every day. These alerts are often caused by the accumulation of false positives from excessive event detection, resulting in a high number of security incidents per day. However, in practice, due to the limited energy of security operators, many security incidents are not handled quickly. If these unaddressed security incidents include alarms on critical assets, this can cause a certain amount of damage.

Contents of the invention

[0003] In order to solve the above technical problems or at least partly solve the above technical problems, the present disclosure provides a method, device, electronic device ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/20
Inventor: 鲍青波, 周晓阳
Owner: BEIJING TOPSEC NETWORK SECURITY TECH