The Information Security Management System Design Based On OSSIM Technology

Posted on: 2016-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: Z J Li
Full Text: PDF
GTID: 2308330479951256
Subject: Computer technology
Abstract/Summary:
The open source information security management system OSSIM (Open Source Security Information Management) is a very popular and complete open security management system. OSSIM packages and integrates products available on the market to provide a security monitoring platform. Its purpose is to provide a framework that is organized and focused, and that offers better display and monitoring.

OSSIM can be regarded as an integration of products. It brings together several security products on the market while preserving each product's own role and functions, rather than developing new functionality. Its core technology is therefore the integration and correlation of open source products, followed by the integration of some related functions.

This paper first analyzes the foundations of network information security technology, and then focuses on the correlation engine technology of the integrated security management system based on OSSIM. The system consists mainly of four modules: data collection, correlation between the data, the implementation of the data warehouse, and the console. The system includes a complete event handling process: assessment, prevention, monitoring and response. It also improves the handling of alarm redundancy: it adds the SIMC security intelligent management center, which reduces redundant alarms for security events.

This paper introduces the system structure of OSSIM, its analysis functions, its process and its working principle; describes in detail the core technology of OSSIM, the correlation engine, and its algorithm; adds SIMC to control alarm redundancy; and implements the system in a Linux environment.
Keywords/Search Tags: Information security, Correlation Engine technology, OSSIM