Abstract
To discover and handle in time the major network security risks and hidden dangers faced by power information systems, and to identify real threats from massive security-device logs and support their analysis, this paper designs a threat-intelligence-assisted analysis system built on alarm correlation analysis over threat intelligence data. The system collects the alarms and log information of the various security devices in the log system, correlates the log entries with each other and with threat intelligence, and thereby quickly discovers and locates threats, addressing the false positives, missed alarms and repeated alarms that key security events may suffer from. Applied in the security operation and maintenance of power enterprises, the system helps security staff identify real attacks quickly and effectively, handle and prevent risks in a timely manner, and improves the enterprise's efficiency of security incident analysis and its ability to detect and respond to threat behaviour.
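As an added illustration that is not taken from the paper, the following Python sketch shows the kind of correlation the abstract describes: collapsing repeated alarms, grouping alarms from different security devices by their source, and enriching the result with threat-intelligence indicators so that corroborated, TI-confirmed sources surface first. The alarm format, device names, indicator values and scoring weights are all constructed assumptions, not the system's actual design.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed threat-intelligence feed (documentation-range IPs, not real indicators).
THREAT_INTEL = {"203.0.113.77": "known scanner", "198.51.100.9": "C2 node"}
# Constructed alarm export in the form device|timestamp|source_ip|signature.
SAMPLE_ALARMS = """\
firewall|2023-03-01T10:00:01|203.0.113.77|port-scan
firewall|2023-03-01T10:00:03|203.0.113.77|port-scan
firewall|2023-03-01T10:00:05|203.0.113.77|port-scan
ids|2023-03-01T10:01:10|203.0.113.77|web-shell-upload
waf|2023-03-01T10:01:12|203.0.113.77|sqli-attempt
ids|2023-03-01T10:02:00|192.0.2.5|web-shell-upload
firewall|2023-03-01T11:00:00|198.51.100.9|outbound-dns-anomaly
"""
def parse(text):
    """Turn the pipe-delimited export into alarm dicts with parsed timestamps."""
    rows = (line.split("|") for line in text.strip().splitlines())
    return [{"device": d, "ts": datetime.fromisoformat(t), "src": s, "sig": g} for d, t, s, g in rows]

def deduplicate(alarms, window=timedelta(seconds=60)):
    """Collapse repeats of one (device, source, signature) inside `window` into a single counted alarm."""
    merged = []
    for a in sorted(alarms, key=lambda x: x["ts"]):
        key = (a["device"], a["src"], a["sig"])
        for m in merged:
            if (m["device"], m["src"], m["sig"]) == key and a["ts"] - m["last"] <= window:
                m["count"] += 1
                m["last"] = a["ts"]
                break
        else:  # no matching recent alarm: keep it as a new one
            merged.append({**a, "count": 1, "last": a["ts"]})
    return merged

def correlate(alarms, intel=THREAT_INTEL):
    """Group by source IP; score on distinct devices that saw it plus a threat-intel match."""
    by_src = defaultdict(list)
    for a in alarms:
        by_src[a["src"]].append(a)
    verdicts = {}
    for src, group in by_src.items():
        devices = {a["device"] for a in group}
        score, reasons = len(devices), [f"seen by {len(devices)} device(s)"]
        if src in intel:  # a TI hit (assumed weight 3) outranks any single device's alarm
            score, reasons = score + 3, reasons + [f"threat intel: {intel[src]}"]
        verdicts[src] = {"score": score, "alarms": len(group), "reasons": reasons}
    return verdicts

def triage(text, intel=THREAT_INTEL):
    """parse -> deduplicate -> correlate; returns (src, verdict) pairs, highest score first."""
    return sorted(correlate(deduplicate(parse(text)), intel).items(), key=lambda kv: kv[1]["score"], reverse=True)
```

Running `triage(SAMPLE_ALARMS)` folds the three firewall port-scan repeats into one counted alarm and ranks 203.0.113.77 first because three devices and the TI feed all agree on it.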
Source
Technology Innovation and Application (《科技创新与应用》)
2023, No. 7, pp. 111-114 (4 pages)
Keywords
power system
alarm correlation analysis
threat intelligence
auxiliary research and judgment
security operation and maintenance