Design And Implementation Of Enterprise Security Operation Center Management System

Posted on: 2020-03-19 | Degree: Master | Type: Thesis
Country: China | Candidate: S Ma | Full Text: PDF
GTID: 2428330578954649 | Subject: Software engineering
Abstract/Summary:
Enterprise security operation aims to achieve the security goal by proposing security solutions, validating their effect, analyzing and diagnosing problems, coordinating resources to solve them, and continuing iterative optimization. At the same time, to ensure the security of information assets, the related security products are managed centrally and all security information is collected. Through in-depth analysis, statistics and correlation of the collected security incidents, the security baseline of managed assets is reflected in a timely way, security risks are located, and solutions for the various security incidents are provided promptly. By dividing the network's IT resources into security domains and collecting, processing and analyzing massive volumes of heterogeneous network and security events, a measurable risk model for business information systems is established, which enables administrators at all levels to carry out asset operation monitoring, event analysis and auditing, risk assessment and measurement, early warning and response, situation analysis, and standardized process management, achieving continuous and safe operation.

Against this background, the security operation center system emerged. It provides an excellent solution to the above problems and solves the problems of the security operation center in real time and efficiently. The project described in this paper comes from the JD Information Security Department, where the author interned. The work surveys well-regarded SOC platforms published on the Internet at home and abroad, compares them in depth, and combines the results into a security operation center system customized for JD's specific scenarios, with the goal of improving the standardization, efficiency and labeling of the security operation process.

The implementation language is Go, the back-end framework is the lightweight framework Beego, the databases are Redis and MySQL, and the server is Nginx, a commonly used lightweight server. The project has nine modules: the authority system module, emergency response center module, security vulnerability management module, illegal work order system module, event work order system module, risk task work order system module, data statistics center system module, user system management module, and big data integration analysis module. The author is mainly responsible for the authority system module, emergency response center module, security vulnerability management module, illegal work order system module, event work order system module, risk task work order system module, data statistics center system module, and user system management module. The system is now in trial use in the JD Information Security Department, and other functions will be added later. Running the system online allows enterprise security operation to be effectively managed and guaranteed, and also improves the operational efficiency of the security department.
Keywords/Search Tags:Enterprise security operation, Go, Beego, Vulnerability Management