Skip to Main Content
Many preventive security measures purport to protect networks from cyber intrusions. These adopted measures can generate a large amount of information that should be stored and analyzed to enable responses to detected attacks. Security information and event managers (SIEMs) are indispensable for collecting all of a system's security-related information in a central repository. This can then provide trend analysis and lead analysts to adopt appropriate actions. A collaborative work approach lets SIEMs of different trusted domains share alarms and their countermeasures. By sharing alarms and adopted measures in domains with similar profiles, the authors hope to enhance a global view of the security and facilitate decision making for security-domain administrators.