Research field: Safety
Conference: 2023 11th International Conference on Information and Communication Technology (ICoICT)
SIEM, or Security Information and Event Management, can be considered the latest cybersecurity technology in security strategy, used mostly by professional cybersecurity teams. From large enterprises to small and medium-sized companies, it is used as a tool to monitor the IT environment in order to protect the company's digital assets, prevent security incidents, and protect the company's reputation. Due to its reliability, it is fair to say that SIEM plays a vital role in current cybersecurity trends, since, compared to an antivirus, it can provide all these features through a single platform or web console. Even though SIEM includes many advanced security features, some pre-installed features have limitations that may not suit a security team's needs when it comes to their operation manuals. For instance, the SOC (Security Operations Center) team is often required to review the reports generated by the SIEM and send the information to their clients using the company's customized email templates. This feature is not provided by most SIEM software. Thus, this paper aims to develop a system that can overcome the lack of email customization and the issues with sending email from the SOC team to customers that SOC teams currently face with SIEM in their daily operation.
| Publication year | 2023 |
|---|---|
| Citations | 3 |
| Country of publication | Malaysia, Andorra |
| Site | IEEE |
| Likes | 0 |