Complex Event Processing RSS News: post 302124609 by Linux Bot on Monday 2nd of July 2007 01:48:13 AM
Security Event Management (SEM) with CEP (Part 4) - The 5 Principles of SEM

In Part 2 and Part 3 of Security Event Management (SEM) with CEP, we reviewed trends in cybersecurity and the motivation for SEM and CEP. That introduction leads us to a brief post on the high-level functional requirements of SEM.
In a nutshell, according to the literature and the marketplace, SEM functionality is based on these 5 principles:
  1. Log collection from heterogeneous devices - the capability to read, parse, normalize, and gather security events from a variety of heterogeneous event sources;
  2. Situation detection - the capacity to detect and refine threat-related situations automatically and prioritize them based on an automatic impact assessment, optimizing staff performance to focus on preventing the most important threats;
  3. Threat prevention and remediation - generate alerts and automated responses based upon high probability threat scenarios and manage the life cycle of the threat;
  4. Report generation - automate reports that support post-threat investigation, regulatory compliance and update visualizations and dashboards; and,
  5. Scalable, distributed architecture - the architecture must manage millions of logs per day, distribute the processing load, and provide service-oriented services for transformation, event tracking, correlation, updates, remediation and visualizations.
These 5 functional requirements, or principles, are easy to write down in bullet format, but very difficult to achieve in practice. In fact, just about every SEM implementation in the marketplace today falls far short of realizing the stated goals of SEM. In my next post in this series, Security Event Management (SEM) with CEP (Part 5), I will elaborate on why the promise of SEM is elusive and unachievable by most, if not all, current SEM vendor implementations.
Copyright © 2007 by Tim Bass, All Rights Reserved.
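The first four principles above (collect and normalize heterogeneous logs, detect and prioritize a situation, propose a response, report) can be seen end to end in a small pipeline. The following Python is an added example written for this page; it is not Tim Bass's code and not any SEM product's. The log lines, hostnames, IP addresses, the CSV audit format and the asset criticality table are all constructed for the demo (real syslog timestamps are not ISO 8601; the parser here assumes a collector has already rewritten them). The situation it detects is the classic one: several authentication failures from one source against one host inside a short window, followed by a success from that same source.

```python
"""Toy SEM pipeline: collect/normalize heterogeneous logs, detect a situation
over a time window, prioritize it by asset impact, emit an alert and a report.
Added example for this page; not Tim Bass's code nor any product's.
All log lines, hosts, IPs and the criticality table below are constructed."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Principle 1: two sources with different formats (constructed sample data).
SYSLOG_SSHD = [
    "2007-07-02T01:40:01 bastion sshd[812]: Failed password for root from 203.0.113.9 port 4101 ssh2",
    "2007-07-02T01:40:12 bastion sshd[812]: Failed password for root from 203.0.113.9 port 4102 ssh2",
    "2007-07-02T01:40:25 bastion sshd[812]: Failed password for admin from 203.0.113.9 port 4103 ssh2",
    "2007-07-02T01:40:40 bastion sshd[812]: Accepted password for admin from 203.0.113.9 port 4104 ssh2",
    "2007-07-02T01:45:00 bastion sshd[901]: Accepted publickey for ops from 198.51.100.7 port 5000 ssh2",
]
# Hypothetical application audit log in CSV: timestamp,host,user,src_ip,result
APP_AUDIT_CSV = [
    "2007-07-02T01:41:00,billing-db,svc_bill,198.51.100.7,FAIL",
    "2007-07-02T01:41:05,billing-db,svc_bill,198.51.100.7,FAIL",
    "2007-07-02T01:41:09,billing-db,svc_bill,198.51.100.7,FAIL",
    "2007-07-02T01:41:15,billing-db,svc_bill,198.51.100.7,OK",
]
# Hypothetical asset criticality used for impact assessment (1 = low, 5 = crown jewel).
ASSET_CRITICALITY = {"bastion": 2, "billing-db": 5}

@dataclass(frozen=True)
class Event:          # the normalized event every parser must produce
    ts: datetime
    host: str
    user: str
    src_ip: str
    success: bool     # True if the authentication succeeded
    source: str       # which collector produced it

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<res>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse_sshd(line):
    m = SSHD_RE.match(line)
    if not m:
        return None   # unparseable lines are dropped, never allowed to crash the pipeline
    return Event(datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["ip"],
                 m["res"] == "Accepted", "sshd")

def parse_app_csv(line):
    parts = line.split(",")
    if len(parts) != 5:
        return None
    ts, host, user, ip, result = parts
    return Event(datetime.fromisoformat(ts), host, user, ip, result == "OK", "app-audit")

def collect(sources):
    """Principle 1: read, parse, normalize and gather; returns events in time order."""
    events = []
    for parser, lines in sources:
        events.extend(e for e in map(parser, lines) if e is not None)
    return sorted(events, key=lambda e: e.ts)

def detect_bruteforce_success(events, min_failures=3, window=timedelta(seconds=60)):
    """Principle 2: a situation is >= min_failures failures from one src_ip against
    one host inside `window`, followed by a success from that src_ip on that host.
    Priority = failures in window x criticality of the host that was reached."""
    failures = defaultdict(list)      # (src_ip, host) -> timestamps of failures
    situations = []
    for e in events:
        key = (e.src_ip, e.host)
        if not e.success:
            failures[key].append(e.ts)
            continue
        recent = [t for t in failures[key] if e.ts - t <= window]
        if len(recent) >= min_failures:
            crit = ASSET_CRITICALITY.get(e.host, 1)
            situations.append({"situation": "bruteforce_then_success", "host": e.host,
                               "src_ip": e.src_ip, "user": e.user,
                               "failures_in_window": len(recent),
                               "priority": len(recent) * crit})
        failures[key].clear()         # a success closes the window for that pair
    return sorted(situations, key=lambda s: -s["priority"])

def respond(situation):
    """Principle 3: an alert plus a proposed (not executed) remediation."""
    return {"alert": f"P{situation['priority']}: {situation['situation']} on "
                     f"{situation['host']} from {situation['src_ip']}",
            "action": f"block {situation['src_ip']} at perimeter; "
                      f"force credential reset for {situation['user']}"}

def report(events, situations):
    """Principle 4: summary counts for a dashboard or post-incident review."""
    return {"events_by_source": dict(Counter(e.source for e in events)),
            "situations": len(situations),
            "top_priority": situations[0]["priority"] if situations else 0}

if __name__ == "__main__":
    evs = collect([(parse_sshd, SYSLOG_SSHD), (parse_app_csv, APP_AUDIT_CSV)])
    found = detect_bruteforce_success(evs)
    for s in found:
        print(respond(s)["alert"])
    print(report(evs, found))
```

Run as written, the billing-db situation (3 failures, criticality 5) outranks the bastion one (3 failures, criticality 2), which is the point of principle 2: the same pattern is not the same priority on different assets. The fifth principle (scale and distribution) is exactly what this single-process, in-memory sketch does not address; the `failures` dictionary and the window logic are the state a distributed engine would have to partition by `(src_ip, host)` and share across nodes.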
IPC::Semaphore(3pm)           Perl Programmers Reference Guide           IPC::Semaphore(3pm)

NAME
       IPC::Semaphore - SysV Semaphore IPC object class

SYNOPSIS
       use IPC::SysV qw(IPC_PRIVATE S_IRUSR S_IWUSR IPC_CREAT);
       use IPC::Semaphore;

       $sem = IPC::Semaphore->new(IPC_PRIVATE, 10, S_IRUSR | S_IWUSR | IPC_CREAT);

       $sem->setall( (0) x 10);

       @sem = $sem->getall;

       $ncnt = $sem->getncnt;

       $zcnt = $sem->getzcnt;

       $ds = $sem->stat;

       $sem->remove;

DESCRIPTION
       A class providing an object based interface to SysV IPC semaphores.

METHODS
       new ( KEY , NSEMS , FLAGS )
           Create a new semaphore set associated with "KEY". "NSEMS" is the
           number of semaphores in the set. A new set is created if

           o   "KEY" is equal to "IPC_PRIVATE"

           o   "KEY" does not already have a semaphore identifier associated
               with it, and "FLAGS & IPC_CREAT" is true.

           On creation of a new semaphore set "FLAGS" is used to set the
           permissions. Be careful not to set any flags that the Sys V IPC
           implementation does not allow: in some systems setting execute
           bits makes the operations fail.

       getall
           Returns the values of the semaphore set as an array.

       getncnt ( SEM )
           Returns the number of processes waiting for the semaphore "SEM" to
           become greater than its current value.

       getpid ( SEM )
           Returns the process id of the last process that performed an
           operation on the semaphore "SEM".

       getval ( SEM )
           Returns the current value of the semaphore "SEM".

       getzcnt ( SEM )
           Returns the number of processes waiting for the semaphore "SEM" to
           become zero.

       id  Returns the system identifier for the semaphore set.

       op ( OPLIST )
           "OPLIST" is a list of operations to pass to "semop". "OPLIST" is a
           concatenation of smaller lists, each of which has three values.
           The first is the semaphore number, the second is the operation and
           the last is a flags value. See semop for more details. For example

               $sem->op( 0, -1, IPC_NOWAIT, 1, 1, IPC_NOWAIT );

       remove
           Remove and destroy the semaphore set from the system.

       set ( STAT )
       set ( NAME => VALUE [, NAME => VALUE ...] )
           "set" will set the following values of the "stat" structure
           associated with the semaphore set.

               uid
               gid
               mode (only the permission bits)

           "set" accepts either a stat object, as returned by the "stat"
           method, or a list of name-value pairs.

       setall ( VALUES )
           Sets all values in the semaphore set to those given on the "VALUES"
           list. "VALUES" must contain the correct number of values.

       setval ( N , VALUE )
           Set the "N"th value in the semaphore set to "VALUE".

       stat
           Returns an object of type "IPC::Semaphore::stat" which is a
           sub-class of "Class::Struct". It provides the following fields.
           For a description of these fields see your system documentation.

               uid
               gid
               cuid
               cgid
               mode
               ctime
               otime
               nsems

SEE ALSO
       IPC::SysV, Class::Struct, semget, semctl, semop

AUTHORS
       Graham Barr <gbarr@pobox.com>, Marcus Holland-Moritz <mhx@cpan.org>

COPYRIGHT
       Version 2.x, Copyright (C) 2007-2010, Marcus Holland-Moritz.

       Version 1.x, Copyright (c) 1997, Graham Barr.

       This program is free software; you can redistribute it and/or modify
       it under the same terms as Perl itself.

perl v5.18.2                        2014-01-06                   IPC::Semaphore(3pm)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.