| Abstract: |
Global security standards such as ISO 27001 mandate institutions to proactively conduct log monitoring and analysis and engage in continuous improvement. Nevertheless, the inefficiencies of current log analytics tools place significant burden on security engineers striving to adhere to these standards. The current log parsing methods exhibit inconsistent accuracy across different logging systems, necessitating security engineers to invest substantial effort in evaluating the performance of log parsing tools and selecting the most effective one for each system. Moreover, the current log querying process relies heavily on setting filter rules, which often entails manually retrieving system configurations to establish query rules. This consumes a considerable amount of time for security engineers and poses challenges for junior engineers with limited knowledge of system configurations. To mitigate these inefficiencies, we aim to explore the utilization of advanced clustering methods to enhance log parsing consistency and accuracy. Additionally, we plan to investigate the use of graph-based log query methods to assist security engineers in efficiently generating log queries. |
