
The Security Operation Center Collector Based On Information Security Technology

Posted on: 2013-01-01
Degree: Master
Type: Thesis
Country: China
Candidate: H T Wang
Full Text: PDF
GTID: 2218330371959400
Subject: Circuits and Systems
Abstract/Summary:
A SOC (Security Operation Center) takes assets as its core and security event management as its key process; using the idea of dividing the network into security domains, it establishes a real-time asset risk model. A SOC is a centralized security management system that includes incident analysis, risk analysis, early warning and emergency response management. With the development of the Internet and increasingly complex network environments, information security protection becomes ever more important, and SOC systems will be more widely applied in the field of information security. This paper designs a SOC collector system based on regular expression technology and information security technology. The thesis work covers the following aspects. First, after researching the history and development of SOC technology, I proposed a SOC collector system design based on information security technology. Second, the resolution rules were designed; these rules resolve (parse) the logs collected by the collector. The log merge module was designed on the basis of information security technology and adopts an advanced compression strategy, which saves hardware resources significantly and improves the efficiency of the system; in the experimental test the system showed a faster feedback rate. Finally, the firmware for the SOC collector was designed: uniform standards for the collection configuration improve system stability and make installation and upgrades more convenient. After the system was completed, some possible ways of improving its performance were proposed, and the possibility of extending the system's functions was analysed. The experimental test results show that the SOC system can monitor and protect network equipment: it collects and analyses equipment logs in a timely manner and generates alarms from association rules.
The system design rests on a proven theoretical basis; through rational design of the collector it ensures event collection and event processing capability, which are important indicators of collector performance, and keeps the system stable. Further research could upgrade and improve this system, including expanding the log resolution entries, improving the classification rules, and improving stability.
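The collector pipeline the abstract describes, written out as an added Python example (not the thesis's own code): regex resolution rules normalize raw device log lines, a merge step compresses repeated events into counted records, and an association rule over the merged records generates an alarm. The rule set, log lines, host names and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict
# Resolution rules (constructed): each regex maps one raw log line onto named fields; first match wins.
RESOLUTION_RULES = [
    ("ssh_auth_fail", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
                                 r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")),
    ("ssh_auth_ok", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted password for "
                               r"(?P<user>\S+) from (?P<src>[\d.]+)")),
    ("fw_deny", re.compile(r"^(?P<ts>\S+) (?P<host>\S+) kernel: FW DENY SRC=(?P<src>[\d.]+) "
                           r"DST=(?P<dst>[\d.]+) DPT=(?P<dport>\d+)")),
]
# Constructed sample input: repeated firewall denies, an SSH brute force ending in a success, one unknown line.
SAMPLE_LOGS = """\
2013-01-01T10:00:01 fw01 kernel: FW DENY SRC=10.9.8.7 DST=192.0.2.10 DPT=22
2013-01-01T10:00:02 fw01 kernel: FW DENY SRC=10.9.8.7 DST=192.0.2.10 DPT=22
2013-01-01T10:00:05 srv01 sshd[2211]: Failed password for root from 10.9.8.7 port 40112 ssh2
2013-01-01T10:00:06 srv01 sshd[2212]: Failed password for root from 10.9.8.7 port 40113 ssh2
2013-01-01T10:00:07 srv01 sshd[2213]: Failed password for invalid user admin from 10.9.8.7 port 40114 ssh2
2013-01-01T10:00:09 srv01 sshd[2214]: Accepted password for root from 10.9.8.7 port 40115 ssh2
2013-01-01T10:00:11 srv01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)""".splitlines()
def resolve(line):
    """Apply the resolution rules in order; return a normalized event dict, or None if nothing matches."""
    for name, rx in RESOLUTION_RULES:
        m = rx.match(line)
        if m:
            return dict(m.groupdict(), type=name)
    return None
def merge(events):
    """Log merge / compression: events with identical key fields collapse into one counted record."""
    merged = {}
    for ev in events:
        key = (ev["type"], ev["host"], ev.get("src"), ev.get("user"), ev.get("dport"))
        rec = merged.setdefault(key, dict(ev, count=0, first=ev["ts"]))
        rec["count"] += 1
        rec["last"] = ev["ts"]  # first/last keep the time span the merged record covers
    return list(merged.values())
def association_alarms(merged, fail_threshold=3):
    """Association rule: >= fail_threshold failed logins plus a success from the same source to the same host."""
    fails = defaultdict(int)
    for r in merged:
        if r["type"] == "ssh_auth_fail":
            fails[(r["host"], r["src"])] += r["count"]  # summed across user names tried from one source
    return [f"ALARM {r['host']}: {fails[(r['host'], r['src'])]} failed logins from {r['src']} then success as {r['user']}"
            for r in merged if r["type"] == "ssh_auth_ok" and fails[(r["host"], r["src"])] >= fail_threshold]
def process(lines):
    """Collector pipeline: resolve -> merge -> alarms. Returns (merged records, alarms, unmatched line count)."""
    events = [ev for ev in map(resolve, lines) if ev is not None]  # unresolved lines would be kept raw
    merged = merge(events)
    return merged, association_alarms(merged), len(lines) - len(events)
```

On the sample input the seven raw lines compress to four merged records, one line stays unresolved (a candidate for a new resolution entry), and the brute-force-then-success pattern yields a single alarm.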
Keywords/Search Tags: Security Operation Center, Collector, Event gathering, Log Classification, Regular Expressions