SPHINX User Interface Functional Requirements & Guidelines: Security Information and Event Management

The SPHINX System interacts with the user in order to develop cyber awareness concerning risks, vulnerabilities and incidents within the IT network and connected devices. Moreover, it allows the user to perform vulnerability assessment and certification of devices. In this regard, the user interface needs to be designed according to the user's needs and expectations to ensure the utility of SPHINX.

Continued from Part II.

Security Information and Event Management (SIEM)

SIEM is responsible for triggering alerts by matching information across log files collected from multiple sources, such as data traffic monitoring, system log files, auditing checks and vulnerability assessments.

SIEM allows users to specify the sources (or listeners) to use, including "Input" (Upload, Paths, Listeners), "Query" (Scheduled, Executions) and "Database". After the rules are defined, specific tags are appointed to the incoming data; these tags are then used to set up conditions and to schedule queries, so that alerts trigger whenever the specified conditions are met.
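As an added illustration of this tag-then-query flow (example code written for this page, not SPHINX's own implementation), the following Python ingests a few constructed log lines from three assumed sources, appoints tags with regex rules, and runs a scheduled query whose condition is a per-month threshold on a tag, which is the kind of monthly count a SIEM would visualise. Source names, tag names, log lines and the threshold condition are all assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample events: (source, "ISO-timestamp message"). Not real data.
SAMPLE_LOGS = [
    ("syslog", "2023-01-12T08:14:03 sshd[1021]: Failed password for root from 10.0.0.5"),
    ("syslog", "2023-01-12T08:14:09 sshd[1021]: Failed password for root from 10.0.0.5"),
    ("syslog", "2023-01-12T08:14:15 sshd[1021]: Failed password for root from 10.0.0.5"),
    ("audit", "2023-02-03T10:02:44 audit: user admin changed firewall policy"),
    ("vulnscan", "2023-02-20T02:00:00 scan: host 10.0.0.9 critical finding in web server"),
    ("syslog", "2023-03-01T23:59:59 sshd[1022]: Accepted password for alice from 10.0.0.7"),
]

# Tagging rules (assumed): a regex over the message text appoints a tag to the event.
TAG_RULES = {
    "auth_failure": re.compile(r"Failed password"),
    "config_change": re.compile(r"changed .* policy"),
    "critical_finding": re.compile(r"critical finding"),
}


def parse_event(source, line):
    """Split a raw line into a normalised event and appoint every matching tag."""
    ts_str, _, msg = line.partition(" ")
    tags = [tag for tag, rx in TAG_RULES.items() if rx.search(msg)]
    return {"source": source, "timestamp": datetime.fromisoformat(ts_str),
            "message": msg, "tags": tags}


def ingest(logs):
    """Ingest all (source, line) pairs from the configured inputs."""
    return [parse_event(src, line) for src, line in logs]


def filter_by_tag(events, tag):
    """Tag filtering: keep only events carrying the given tag."""
    return [e for e in events if tag in e["tags"]]


def scheduled_query(events, tag, threshold=1):
    """Condition: at least `threshold` events with `tag` in one calendar month.
    Returns {'YYYY-MM': count} for every month that meets the condition, i.e.
    the months for which an alert would be raised."""
    per_month = Counter(e["timestamp"].strftime("%Y-%m")
                        for e in filter_by_tag(events, tag))
    return {month: n for month, n in per_month.items() if n >= threshold}
```

Raising the threshold (for example three failed logins in a month rather than one) is how a condition is tuned so that the scheduled query alerts on a pattern instead of on every single event.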

The next snapshot illustrates results from scheduled queries: (1) Scheduled queries (2) Visualisation (chart format) of the number of queries that met the condition for each month (3) Tag filtering (4) Visualisation (tabular form) of the results from the scheduled queries.

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.10 that is publicly available here.