Multi-source network security alarm event tracing and automatic processing method and device

A technology for tracing and handling alarm events, applied in the field of network security. It addresses the high missed-alarm and false-alarm rates, the difficulty enterprise security operation and maintenance personnel have in tracing the source of an alarm, and the small proportion of alarms that are handled automatically, so as to strengthen security protection, facilitate traceability analysis, and improve handling efficiency.

Pending Publication Date: 2022-03-04
INFORMATION & TELECOMM COMPANY SICHUAN ELECTRIC POWER
Cites: 0; Cited by: 3

AI Technical Summary

Problems solved by technology

[0002] Today, when the country attaches great importance to network security, the level of network security construction in medium and large enterprises is constantly improving. Various security protection devices run within the enterprise network to protect its boundaries, terminals, servers and other areas. However, the large number of security protection devices also produces thousands of security alarms. Security operation and maintenance personnel must analyze and judge these alarms and spend a great deal of time and energy on handling them.
[0003] In addition, traditional situational awareness equipment currently collects the logs of the security protection devices, but the number of devices in operation is large, the number of daily security alarms is also large, and the log formats differ from source to source, so the rates of missed alarms and false alarms are high. Each security protection device also defines its own alarm types, resulting in too many alarm categories, which makes it very difficult for enterprise security operation and maintenance personnel to trace the source of an alarm.
[0004] In addition, security alarm incidents generated by the security protection devices are currently handled mainly by hand: firewall blocking is performed manually, and the proportion of automatic handling is small. Especially during offensive and defensive drills, manual handling of security alarms is inefficient and leads to mishandled and omitted security incidents.



Examples


Embodiment 1

[0056] This embodiment provides a multi-source network security alarm event tracing and automatic processing method, as shown in figure 1, including the following steps:

[0057] Obtain security log data; the security log data includes security device alarm data, alarm logs and/or business system log data.

[0058] Specifically, this embodiment obtains security log data in two ways. Way 1: actively collect the alarm data of security devices through the REST API of the log audit system, and collect access log data from the business systems' access_log. Way 2: passively collect, via syslog, the alarm logs that security devices actively send.

[0059] Identify the IP of the security log data and divide the security log data into the corresponding index category according to the IP correspondence; the IP correspondence is the mapping between IPs and index categories, and one index category contains multiple IPs.

[0060] The index categories in this embodiment ...

Embodiment 2

[0079] This embodiment provides a multi-source network security alarm event tracing and automatic processing device, including:

[0080] A security log data collection module, configured to obtain security log data, where the security log data includes alarm data of security devices, alarm logs and/or log data of business systems;

[0081] A classification module, used to identify the IP of the security log data and divide the security log data into the corresponding index category according to the IP correspondence; the IP correspondence is the mapping between IPs and index categories, and one index category contains multiple IPs;

[0082] An obtaining module, used to obtain the attack source IP when the index category is the Internet, and to obtain the attacked source IP when the index category is a terminal;

[0083] A judgment module, used to judge, according to the risk assessment result, whether to block the attack source IP or the attacked source IP; the r...
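Both embodiments and the abstract describe one pipeline: collect alarms from a REST API and from syslog, classify each IP into an index category through the IP correspondence, take the attack source IP for Internet addresses or the attacked terminal IP for terminal addresses, assess the risk, and drive a firewall block. The following is an added example of that pipeline, not code from the patent or from the applicant's system. The JSON alarm schema, the syslog line layout, the address ranges in the IP correspondence, the risk thresholds, the allowlist and the generic deny-rule syntax are all assumptions made for the illustration, and the input lines are constructed.

```python
import ipaddress
import json
import re

# IP correspondence (hypothetical ranges): one index category holds several
# address blocks; any address outside the table is the "internet" category.
IP_CORRESPONDENCE = {
    "terminal": [ipaddress.ip_network("10.10.0.0/16")],
    "server": [ipaddress.ip_network("10.20.0.0/16")],
}
# Hosts an automatic block must never touch (hypothetical: the SOC workstation).
NEVER_BLOCK = {ipaddress.ip_address("10.10.0.5")}

# Assumed syslog alarm layout: "... src=A dst=B sev=N ...".
SYSLOG_RE = re.compile(
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) sev=(?P<sev>\d)"
)


def parse_rest_alarm(record: str) -> dict:
    """Way 1: an alarm pulled from the log audit system's REST API (assumed JSON schema)."""
    obj = json.loads(record)
    return {"src": obj["src_ip"], "dst": obj["dst_ip"],
            "sev": int(obj["severity"]), "origin": "rest"}


def parse_syslog_alarm(line: str):
    """Way 2: an alarm a security device pushed over syslog; None if the line is not an alarm."""
    m = SYSLOG_RE.search(line)
    if m is None:
        return None
    return {"src": m["src"], "dst": m["dst"], "sev": int(m["sev"]), "origin": "syslog"}


def collect_alarms(rest_records, syslog_lines):
    """Normalise both sources into one list of alarms with a common schema."""
    alarms = [parse_rest_alarm(r) for r in rest_records]
    alarms += [a for a in map(parse_syslog_alarm, syslog_lines) if a is not None]
    return alarms


def classify_ip(ip: str) -> str:
    """Divide an address into its index category via the IP correspondence."""
    addr = ipaddress.ip_address(ip)
    for category, nets in IP_CORRESPONDENCE.items():
        if any(addr in net for net in nets):
            return category
    return "internet"


def trace(alarm: dict):
    """Choose the IP to assess: the attack source if it is on the Internet, the
    attacked terminal if an internal terminal is the source or target.
    Server-to-server alarms return None and are left for manual review."""
    src_cat, dst_cat = classify_ip(alarm["src"]), classify_ip(alarm["dst"])
    if src_cat == "internet":
        return "internet", alarm["src"]
    if src_cat == "terminal":
        return "terminal", alarm["src"]
    if dst_cat == "terminal":
        return "terminal", alarm["dst"]
    return None


def assess_risk(alarms, min_count=3, min_sources=2, critical_sev=4):
    """Correlate alarms per traced IP. An IP is a risk when a single alarm is
    critical, or when repeated alarms are corroborated by at least two
    independent sources; a count from one source alone may be a false alarm."""
    stats = {}
    for alarm in alarms:
        traced = trace(alarm)
        if traced is None:
            continue
        category, ip = traced
        s = stats.setdefault(ip, {"category": category, "count": 0,
                                   "sources": set(), "max_sev": 0})
        s["count"] += 1
        s["sources"].add(alarm["origin"])
        s["max_sev"] = max(s["max_sev"], alarm["sev"])
    for s in stats.values():
        s["risk"] = (s["max_sev"] >= critical_sev
                     or (s["count"] >= min_count and len(s["sources"]) >= min_sources))
    return stats


def block_rules(stats):
    """Turn risky IPs into firewall deny rules (generic syntax), skipping the
    allowlist so a false alarm cannot cut off infrastructure the SOC needs."""
    rules = []
    for ip, s in stats.items():
        if not s["risk"] or ipaddress.ip_address(ip) in NEVER_BLOCK:
            continue
        action = "block attack source" if s["category"] == "internet" else "isolate terminal"
        rules.append(f"deny ip from {ip} to any  # {action}")
    return rules


# Constructed sample input (not real logs).
SAMPLE_REST = [
    '{"src_ip": "203.0.113.7", "dst_ip": "10.20.0.80", "severity": 3}',
    '{"src_ip": "203.0.113.7", "dst_ip": "10.20.0.80", "severity": 3}',
    '{"src_ip": "10.10.4.21", "dst_ip": "10.20.0.80", "severity": 5}',
    '{"src_ip": "10.10.0.5", "dst_ip": "10.20.0.80", "severity": 5}',
]
SAMPLE_SYSLOG = [
    "<134>Mar  4 10:00:01 fw01 IPS: src=203.0.113.7 dst=10.20.0.80 sev=3 sig=web-scan",
    "<134>Mar  4 10:00:05 fw01 IPS: src=198.51.100.9 dst=10.20.0.80 sev=2 sig=probe",
    "<134>Mar  4 10:00:09 fw01 heartbeat ok",
]


def run_pipeline():
    return block_rules(assess_risk(collect_alarms(SAMPLE_REST, SAMPLE_SYSLOG)))


if __name__ == "__main__":
    for rule in run_pipeline():
        print(rule)
```

Two design points matter more than the thresholds themselves. First, the risk assessment requires corroboration across sources before a low-severity repeat is blocked, which is the mechanism by which merging REST and syslog feeds lowers the false-alarm rate rather than merely adding alarms. Second, an allowlist sits in front of the firewall action: automatic blocking fails worst when a false alarm isolates a DNS server, a jump host or the SOC's own workstation, so the block step refuses those addresses regardless of score and leaves them for a human.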



Abstract

The invention discloses a multi-source network security alarm event tracing and automatic processing method and device. The method comprises the following steps: acquiring security log data; identifying the IP of the security log data and dividing the security log data into the corresponding index category according to the IP correspondence; when the index category is the Internet, acquiring the attack source IP; when the index category is a terminal, acquiring the attacked source IP; judging, according to a risk assessment result, whether the attack source IP or the attacked source IP is to be blocked; and, when the risk assessment result indicates a risk, controlling the firewall to block the attack source IP or the attacked source IP. The invention aims to provide a multi-source network security alarm event tracing and automatic handling method and device that reduce the effort security operation and maintenance personnel spend on handling security alarm events, lower the missed-alarm rate and the false-alarm rate, and improve security alarm handling efficiency.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for tracing the source of a multi-source network security alarm event and handling it automatically.


Application Information

Patent Type & Authority: Applications (China)
IPC (8th edition): H04L9/40
CPC: H04L63/0236; H04L63/0263; H04L63/1425; H04L63/1441
Inventors: 吕磊; 黄昆; 陈龙; 杨旭东; 许珂; 黄林; 郭智超
Owner: INFORMATION & TELECOMM COMPANY SICHUAN ELECTRIC POWER