Network monitoring equipment, network monitoring methods, and network monitoring programs

Abstract

PROBLEM TO BE SOLVED: To appropriately detect a sign of a cyber attack and appropriately calculate the priority of countermeasures against the detected cyber attack. SOLUTION: In a network monitoring device 100, a CPU 102 detects an increase point of darknet traffic and calculates an evaluation value indicating the priority of countermeasures against the cyber attack, based on whether at least one of the following conditions is met: the darknet traffic corresponding to the increase point is detected within its own organization; the correlation score of darknet traffic between an observation point and its own organization is above the threshold; the source IP address is on the blacklist; it is present as attack information in threat intelligence; there is a log corresponding to the honeypot; the honeypot in which the log exists is in its own organization; the CVSS score for the subject is above the threshold; and the vulnerable product is in its own organization. [Selection diagram] Fig. 1