A Log Aggregation Design Criteria for Robust SIEM (Security Information and Event Management) in Enhancing Threat Detection

• Published in: 8th International Conference on Recent Advances and Innovations in Engineering: Empowering Computing, Analytics, and Engineering Through Digital Innovation, ICRAIE 2023
• Main Author: Hata M.B.M.; Darus M.Y.B.; Shafiee M.Z.A.B.; Petrus E.; Jamian Y.A.
• Format: Conference paper
• Language: English
• Published: Institute of Electrical and Electronics Engineers Inc. 2023
• Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85189941881&doi=10.1109%2fICRAIE59459.2023.10468438&partnerID=40&md5=76f27d07ce11a4637d4e45e27615f010

Security Operations Centers (SOCs) play a vital role in protecting organizations from cyber threats. Supported by skilled Security Analysts, they are the first line of defense, monitoring and responding to incidents. The Security Information and Event Management (SIEM) system is a critical tool for managing log data efficiently. This research focuses on optimizing log data aggregation within a SOC's SIEM framework. By exploring various log aggregation techniques, we aim to enhance the performance of data collectors, leading to quicker response times and improved security. This research contributes to a more robust defense against the ever-changing landscape of cyber threats. It empowers organizations to face evolving challenges with confidence and resilience. © 2023 IEEE.