Principles of data collection for building a secure enterprise infrastructure based on SIEM systems

Abstract

Objective. The purpose of the article is to present the main capabilities and advantages of implementing and using SIEM systems.Method. System analysis method was used.Result. The main systems of the SIEM class are described, their main capabilities, advantages and disadvantages are listed, and various options for constructing such systems and principles of data collection are considered.Conclusion. Studying the functioning of systems of this type allows us to assess the possibility of their use in the construction of security systems of various scales and architectures. To make maximum use of the capabilities of SIEM systems, it is necessary to adapt and configure it to specific information security requirements. The prospect for further research will be the use of hybrid approaches based on intermediate storage using data streaming.