
Security management system and security management method


Abstract

PROBLEM TO BE SOLVED: To efficiently and surely detect a security breach by effectively utilizing information acquired from various information sources. A security management system extracts IoC information from security intelligence acquired from an information provider, assigns attribute labels to the IoC information, and identifies the relationships among a plurality of pieces of IoC information based on each attribute label. It extracts IoC information from log information acquired from the security breach monitoring target and assigns attribute labels to the extracted IoC information to generate an analysis target. For new IoC information extracted from security intelligence newly acquired from the information provider, it acquires other related IoC information, generates queries to be used for searching the analysis target based on each of the new IoC information and the other IoC information, searches the analysis target using the generated queries, and analyzes the presence or absence of a security breach based on the search results. [Selection diagram] Fig. 1
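The pipeline the abstract describes can be sketched as follows. This is an added example, not code from the patent: the label set, the regular expressions, the rule that IoCs named in the same intelligence report are related, and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
# Attribute labels and the patterns that assign them (a simplified, assumed label set).
PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}

def extract_iocs(text):
    """Return the set of (label, value) IoCs found in free text."""
    return {(label, m) for label, rx in PATTERNS.items() for m in rx.findall(text.lower())}

def build_relations(reports):
    """Assumption: IoCs named in the same intelligence report are related."""
    related = defaultdict(set)
    for report in reports:
        iocs = extract_iocs(report)
        for ioc in iocs:
            related[ioc] |= iocs - {ioc}
    return related

def build_analysis_target(log_lines):
    """Index labelled IoCs from logs: (label, value) -> log line numbers."""
    index = defaultdict(list)
    for n, line in enumerate(log_lines, 1):
        for ioc in extract_iocs(line):
            index[ioc].append(n)
    return index

def hunt(new_report, related, index):
    """Expand new IoCs with related ones, query the index, return the hits."""
    new = extract_iocs(new_report)
    queries = set(new)
    for ioc in new:
        queries |= related.get(ioc, set())
    return {q: index[q] for q in sorted(queries) if q in index}

# Constructed sample data (documentation address range, example domains).
OLD_INTEL = ["campaign a: c2 at 192.0.2.10 resolves from update.example.net"]
LOGS = [
    "2024-01-01T10:00:00 dns host7 query good.example.org",
    "2024-01-01T10:05:00 fw host3 allow dst 192.0.2.10 port 443",
    "2024-01-01T10:06:00 dns host3 query cdn.example.com",
]
NEW_INTEL = "new dropper contacts update.example.net"

if __name__ == "__main__":
    print(hunt(NEW_INTEL, build_relations(OLD_INTEL), build_analysis_target(LOGS)))
```

In the sample, the newly reported domain never appears in the logs; the hit on log line 2 comes only from the related IP address learned from earlier intelligence.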