Research field: Safety
Conference: 2025 5th International Conference on Expert Clouds and Applications (ICOECA)
The fast evolution of cyber threats poses tremendous difficulties for organizations in threat detection and response. In their traditional form, Security Information and Event Management (SIEM) solutions are often too expensive and too complex to be accessible to many enterprises. This paper presents Open SIEM, a scalable, open-source security management framework that provides security automation, real-time incident response, and log management. Open SIEM integrates Wazuh, TheHive, Shuffle, Elasticsearch, Logstash, Kibana, MISP, VirusTotal, OpenCTI, and Apache Cassandra, and ingests and processes more than 10,000 security logs per second so that only 5% of alerts require manual investigation. By reducing false positives by 40% and improving incident response time by 70%, the framework contributes to SDG 9 (Industry, Innovation, and Infrastructure) by automating cybersecurity infrastructures, to SDG 16 (Peace, Justice, and Strong Institutions) by protecting digital security and preventing cybercrime, and to SDG 17 (Partnerships for the Goals) by facilitating international collaboration through an open-source security solution. Open SIEM thus presents a security model that enhances efficiency, scalability, and cost-effectiveness against emerging cyber threats.
| Publication year | 2025 |
|---|---|
| Citations | 16 |
| Country of publication | Andorra |
| Site | IEEE |
| Likes | 0 |