Author: Sun Dongxu (China National Petroleum Corporation, Beijing 100010, China)
Affiliation: [1] China National Petroleum Corporation, Beijing 100010
Source: Modern Information Technology (《现代信息科技》), 2022, No. 21, pp. 25-28 (4 pages)
Abstract: The business system discussed in this paper carries considerable commercial, economic and political value. To counter high-level threats such as organized cybercrime and state-level actors, the paper studies several log-audit problems: the completeness and extensibility of the business system's audit logs; whether the logged information meets the working needs of business staff and security operations personnel; and how to correlate the heterogeneous logs produced across the whole technology stack. It proposes a security logging specification based on security requirements and industry best practice, together with two processing measures: an "enrichment" step that extends raw log fields with business-information fields, and a standard log model into which every log type is normalized for unified storage. The design has been applied in a real project and met its intended goals.
Classification: TP311 [Automation and Computer Technology / Computer Software and Theory]
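To make the two processing steps named in the abstract concrete (normalizing heterogeneous logs into one standard model, then enriching them with business fields so they can be correlated across the stack), here is an added Python example. It is illustrative code written for this page, not code from the paper or from CNPC: the standard-model field names, the sample access-log and application-audit lines, and the user and network directories used for enrichment are all constructed assumptions.

```python
"""Added example (not the paper's code): two heterogeneous audit logs are
parsed into one standard event model, enriched with business fields from
assumed directories, and then correlated by actor across sources."""
import ipaddress
import json
import re
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed sample inputs: an nginx-style access-log line and an
# application audit event in JSON. Neither comes from a real system.
NGINX_LINE = ('10.20.30.40 - u1001 [05/Nov/2022:14:31:07 +0800] '
              '"POST /api/contract/approve HTTP/1.1" 200 512')
APP_JSON = ('{"ts":"2022-11-05T06:31:08Z","user":"u1001",'
            '"op":"approve_contract","obj":"C-2022-0917","ok":true}')

# Constructed enrichment tables (assumed business directories, not real data).
USER_DIRECTORY = {"u1001": {"dept": "finance", "role": "approver"}}
NET_DIRECTORY = {"10.20.30.0/24": "hq-office"}


@dataclass
class StandardEvent:
    """Assumed standard log model: the minimum fields shared by every source."""
    ts: str                      # ISO-8601 UTC, so sources in different zones sort together
    source: str                  # which layer of the stack produced it
    actor: str                   # user id, normalized across sources
    action: str
    target: str
    result: str                  # "success" / "failure"
    src_ip: Optional[str] = None
    business: dict = field(default_factory=dict)   # filled by enrich()
    raw: str = ""                # original line kept for forensics


NGINX_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$')


def parse_nginx(line: str) -> StandardEvent:
    m = NGINX_RE.match(line)
    if not m:
        raise ValueError("unrecognized access-log line")
    ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return StandardEvent(
        ts=ts.strftime("%Y-%m-%dT%H:%M:%SZ"), source="nginx", actor=m["user"],
        action=f'{m["method"]} {m["path"]}', target=m["path"],
        result="success" if m["status"].startswith("2") else "failure",
        src_ip=m["ip"], raw=line)


def parse_app(line: str) -> StandardEvent:
    d = json.loads(line)
    return StandardEvent(
        ts=d["ts"], source="app", actor=d["user"], action=d["op"],
        target=d["obj"], result="success" if d["ok"] else "failure", raw=line)


def normalize(line: str) -> StandardEvent:
    """Route a raw line to its parser; unknown formats raise rather than being
    silently dropped from the audit trail."""
    return parse_app(line) if line.startswith("{") else parse_nginx(line)


def enrich(ev: StandardEvent) -> StandardEvent:
    """Extend the event with business fields: who the actor is organizationally
    and which site the source address belongs to."""
    if ev.actor in USER_DIRECTORY:
        ev.business.update(USER_DIRECTORY[ev.actor])
    if ev.src_ip:
        addr = ipaddress.ip_address(ev.src_ip)
        for cidr, site in NET_DIRECTORY.items():
            if addr in ipaddress.ip_network(cidr):
                ev.business["site"] = site
    return ev


def process(lines):
    return [enrich(normalize(line)) for line in lines]


def correlate(events, window_s=5):
    """Group events from different sources by actor when they fall within
    window_s seconds of each other (possible only after normalization)."""
    groups = []
    for ev in sorted(events, key=lambda e: e.ts):
        t = datetime.strptime(ev.ts, "%Y-%m-%dT%H:%M:%SZ")
        for g in groups:
            if g["actor"] == ev.actor and abs((t - g["t"]).total_seconds()) <= window_s:
                g["events"].append(ev)
                break
        else:
            groups.append({"actor": ev.actor, "t": t, "events": [ev]})
    return groups


if __name__ == "__main__":
    evs = process([NGINX_LINE, APP_JSON])
    for e in evs:
        print(json.dumps(asdict(e)))
    for g in correlate(evs):
        print(g["actor"], [e.source for e in g["events"]])
```

The two source formats only become joinable once both carry a UTC timestamp and a common actor field; the enrichment then attaches the department, role and site that an analyst would otherwise have to look up by hand for every alert.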