System of Collection and Analysis Event Log from Sources under Control of Windows Operating System
| Field | Value |
|---|---|
| Title | System of Collection and Analysis Event Log from Sources under Control of Windows Operating System |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Moskvichev, A. D., Dolgachev, M. V. |
| Conference Name | 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon) |
| Keywords | analysis of incidents, composability, computer security, domain controller, event collector, event forwarding technology, event log, event log analysis, event management, event sources, event-forwarding technology, Industrial engineering, Information security, Information systems, Metrics, monitoring events, Operating systems, operating systems (computers), Protocols, pubcrawl, received events, resilience, Resiliency, security, security information, security of data, Servers, system monitoring, the monitoring center, universal system, Windows operating system, Windows Operating System Security |
| Abstract | The purpose of this work is to implement a universal system for collecting and analyzing event logs from sources running the Windows operating system. The authors use event-forwarding technology to collect data from the logs, and a security information and event management (SIEM) system detects incidents in the received events. The authors analyze existing methods for transmitting event log entries from sources running the Windows operating system. The article describes in detail how to connect event sources running Windows to the event collector without connecting to a domain controller: event sources are authenticated using certificates issued by the event collector. The authors propose a scheme for connecting the event collector to the SIEM, which must meet the requirements for use together with event-forwarding technology. The article presents the layout of the test bench and the results of testing the event-forwarding technology. |
| DOI | 10.1109/FarEastCon50210.2020.9271520 |
| Citation Key | moskvichev_system_2020 |