DocumentCode
3220714
Title
The security operations center based on correlation analysis
Author
Yuan, Shuhong ; Zou, Chijia
Author_Institution
Inf. Center, Zhejiang Univ., Hangzhou, China
fYear
2011
fDate
27-29 May 2011
Firstpage
334
Lastpage
337
Abstract
With the development of information technology, network threats are growing day by day. To protect company and organization networks, operators have deployed a variety of network security products, such as IDS (intrusion detection systems), firewalls, VPNs and AVS (anti-virus systems). Because these products lack a data exchange mechanism, they cannot share security information with each other, which results in a large volume of alarm messages or false alarms. In this case, a platform or system is needed to solve this problem. The security operations center can collect and manage these security events and analyze the related information, which reduces false positives and false negatives and improves the security of the network system. In this paper, we do some research on event correlation analysis, introduce the process of the analysis and the method of rule extraction, and then introduce the system architecture of the security operations center.
Keywords
authorisation; computer network security; data mining; virtual private networks; IDS; VPN; alarm message; antivirus system; company network protection; event correlation analysis; false alarm; false negatives; false positives; firewall; information technology; intrusion detection system; network security; network threat; organization network protection; rule extraction; security event collection; security event management; security information analysis; security operations center; system architecture; Association rules; Correlation; Filtering; Fires; Intrusion detection; Correlation analysis; Network security; Rule extraction;
fLanguage
English
Publisher
ieee
Conference_Titel
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location
Xi'an
Print_ISBN
978-1-61284-485-5
Type
conf
DOI
10.1109/ICCSN.2011.6013727
Filename
6013727