Evaluation of Security Information and Event Management Systems for Custom Security Visualization Generation

Sonmez F. O. , GÜNEL KILIÇ B.

International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), Ankara, Turkey, 3 - 04 December 2018, pp.38-44 identifier

  • Publication Type: Conference Paper / Full Text
  • City: Ankara
  • Country: Turkey
  • Page Numbers: pp.38-44
  • Keywords: Security Information and Event Management, SIEM, Visualization, Splunk, AlienVault, Event Log Analyzer, Gartner, ArcSight, Rapid7


Security Information and Event Management Systems (SIEM) are generally very complex systems encapsulating a large number of functions with different behaviors. Visualization is a common way of data presentation in these systems along with other data presentation ways such as reporting, alerting, text messaging. However, generation of the visualization has different steps. If the data is in a custom format, rather than a predefined format which either obeys a standard or a known file structure, the generation of custom visualizations may not be straightforward. Evaluation information for these tools related to custom visualization generation capabilities may be useful for better decision making. This information can be used while designing visualizations through SIEM systems or purchasing the most useful SIEM system for an organization. In this study, six well-known SIEM systems are evaluated through a common scenario created by the authors to check custom visualization generation capabilities. The contributions include this unique scenario and the advantages and disadvantages regarding various steps of the provided scenario along with the difficulties experienced by the authors during the installation and configuration of these SIEM systems.