soc_overview.md

+-------+                                                    +-------------+
|WAF log|---------+                                 +--------|Network Flows|   
+-------+         |                                 |        +-------------+
                  |                                 |
+-----------+     |                                 |      +---------------+
|IDS/IPS log|-----+                                 +------|Network Traffic|
+-----------+     |   +------------+                |      +---------------+
                  +---|Firewall log|                |
+----------+      |   +------------+                |   +------------------+
|System log|------+                                 +---|Authentication log|
+----------+      |                                 |   +------------------+
                  |                                 |
+------------+    |           +----------------+    |        +-------------+
|Business log|----+           |Software Version|----+--------|Server Metric|
+------------+    |           +----------------+    |        +-------------+
                  |                                 |
+-------+         |      +-------------------+      |       +--------------+
|App log|---------+=====>|Formatting/analysis|<=====+-------|Security Event|
+-------+                +-------------------+              +--------------+
                                  ||
                                  \/
  +-------------------+      +----------+     +----------+      +----------+
  |Threat intelligence|=====>|Enrichment|<====|Extra Data|<==+--|Whois Data|
  +-------------------+      +----------+     +----------+   |  +----------+
          /\                      ||                         |
          ||                      ||           +--------+    |    +--------+
+----------------------+          ||           |CIF Data|----+----|Geo Data|
|Vulnerability Database|          ||           +--------+         +--------+
+----------------------+          ||                         
                                  ||
                                  \/
++================================++
||                       
||                       
||                       
||   +--------------------+
++==>|Application analysis|-----------+
||   +--------------------+           |        +-------+
||                                    |=======>| Store |
||   +------------------------+       |        +-------+
++==>|Vulnerability Management|-------+                               
||   +------------------------+       |        +------------------+         +-----+
||                                    |=======>|Real-time indexing|========>|WebUI|
||   +------------+                   |        +------------------+         +-----+
||==>|Log analysis|-------------------+
||   +------------+                   |        +-------------+            +------------------+
||                                    |=======>|Anomaly alert|----+======>|Automatic Response|
||   +----------------------+         |        +-------------+    |       +------------------+
||==>|Deep packet inspection|---------+                           |
||   +----------------------+                ++===================+
||                                           ||
||                                           \/
||   +-----------------+ used for  +-------------------+        +---------------------------+
||==>|Store raw packets|==========>|Reconstruct Traffic|=======>|Security Response/Forensics|
||   +-----------------+           +-------------------+        +---------------------------+
||                                                                          /\
||   +----------------+                                                     ||
++==>|Rule-based alert|=====================================================++
     +----------------+
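The data flow in the diagram, as an added Python example that is not part of this repository: constructed WAF, firewall and sshd lines are formatted onto one event schema, enriched from stand-in threat-intelligence and geo tables, run through a stateless rule-based pass and a stateful anomaly pass (a run of failed logins followed by a success), and the resulting alerts are routed either to automatic response or to the store behind the WebUI. Every log line, IP address, table entry, alert name and threshold is constructed for the example; the function names (`normalize`, `enrich`, `rule_based_alerts`, `anomaly_alerts`, `route`, `run_pipeline`) are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Collection: constructed raw lines from three of the diagram's log sources.
RAW_LOGS = [
    ("waf", "2024-05-01T10:00:01Z 203.0.113.7 GET /login?user=admin%27%20OR%201%3D1-- 403 rule=SQLi"),
    *[("auth", f"2024-05-01T10:00:0{i}Z sshd[812]: Failed password for root "
               f"from 198.51.100.23 port 5221{i} ssh2") for i in range(2, 7)],
    ("auth", "2024-05-01T10:00:07Z sshd[812]: Accepted password for root from 198.51.100.23 port 52217 ssh2"),
    ("firewall", "2024-05-01T10:00:08Z DENY TCP 10.0.0.5:44312 -> 192.0.2.99:4444"),
    ("auth", "2024-05-01T10:00:09Z sshd[812]: Accepted publickey for alice from 10.0.0.12 port 41000 ssh2"),
]
# Formatting: one parser per source, all mapped onto the same event schema.
PARSERS = {
    "waf": re.compile(r"^(?P<ts>\S+) (?P<src_ip>\S+) (?P<method>\S+) (?P<path>\S+) "
                      r"(?P<status>\d+) rule=(?P<rule>\S+)$"),
    "auth": re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
                       r"(?:password|publickey) for (?P<user>\S+) from (?P<src_ip>\S+) port \d+"),
    "firewall": re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\S+) "
                           r"(?P<src_ip>[\d.]+):\d+ -> (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$"),
}
# Enrichment: constructed stand-ins for the threat-intelligence and geo boxes.
THREAT_INTEL = {"192.0.2.99": "known-c2", "198.51.100.23": "brute-force-scanner"}
GEO_NETS = [(ipaddress.ip_network(c), cc) for c, cc in
            {"203.0.113.0/24": "XX", "198.51.100.0/24": "YY", "192.0.2.0/24": "ZZ"}.items()]
# Explicit RFC 1918 list: ipaddress.is_private also flags the documentation ranges used above.
INTERNAL_NETS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAILED_LOGIN_THRESHOLD = 5  # failures from one IP that make a following success suspicious


def normalize(source, line):
    """Map one raw line onto the shared schema; None when the line does not parse."""
    if not (m := PARSERS[source].match(line)):
        return None
    f = m.groupdict()
    event = {"ts": f["ts"], "source": source, "src_ip": f.get("src_ip"),
             "dst_ip": f.get("dst_ip"), "user": f.get("user")}
    if source == "waf":
        event.update(action="blocked" if f["status"] == "403" else "allowed", detail=f["rule"])
    elif source == "auth":
        event.update(action="login_failed" if f["result"] == "Failed" else "login_ok", detail="sshd")
    else:
        event.update(action=f["action"].lower(), detail=f"{f['proto']}/{f['dst_port']}")
    return event


def enrich(event):
    """Attach internal/external, threat-intel and geo context to each endpoint present."""
    for key in filter(event.get, ("src_ip", "dst_ip")):
        addr = ipaddress.ip_address(event[key])
        internal = any(addr in net for net in INTERNAL_NETS)
        event[key + "_internal"] = internal
        event[key + "_intel"] = THREAT_INTEL.get(event[key])
        event[key + "_geo"] = "internal" if internal else next(
            (cc for net, cc in GEO_NETS if addr in net), None)
    return event


def rule_based_alerts(events):
    """Stateless rules: each event is judged on its own fields."""
    alerts = []
    for e in events:
        if e["source"] == "waf" and e["detail"] == "SQLi":
            alerts.append({"name": "waf_sqli_blocked", "severity": "medium", "ip": e["src_ip"]})
        if e["source"] == "firewall" and e.get("dst_ip_intel"):
            alerts.append({"name": "egress_to_threat_intel_ip", "severity": "critical",
                           "ip": e["src_ip"], "dst": e["dst_ip"], "intel": e["dst_ip_intel"]})
        if e["action"] == "login_ok" and e["user"] == "root" and not e["src_ip_internal"]:
            alerts.append({"name": "root_login_from_external", "severity": "high", "ip": e["src_ip"]})
    return alerts


def anomaly_alerts(events):
    """Stateful detection: a run of failed logins from one IP followed by a success."""
    failures, alerts = defaultdict(int), []
    for e in (x for x in events if x["source"] == "auth"):
        ip = e["src_ip"]
        if e["action"] == "login_failed":
            failures[ip] += 1
            continue
        if (n := failures.pop(ip, 0)) >= FAILED_LOGIN_THRESHOLD:  # any success closes the run
            alerts.append({"name": "brute_force_then_success", "severity": "critical",
                           "ip": ip, "user": e["user"], "failures": n})
    return alerts


def route(alerts):
    """Critical alerts go to automatic response; everything else is stored for the WebUI."""
    routed = {"automatic_response": [], "store": []}
    for a in alerts:
        routed["automatic_response" if a["severity"] == "critical" else "store"].append(a)
    return routed


def run_pipeline(raw_logs):
    events = []
    for source, line in raw_logs:
        event = normalize(source, line)
        if event is not None:  # unparsable lines would go to a dead-letter queue in practice
            events.append(enrich(event))
    return events, route(rule_based_alerts(events) + anomaly_alerts(events))


if __name__ == "__main__":
    print(run_pipeline(RAW_LOGS)[1])
```

With the constructed input, the firewall denial towards the threat-intel address and the brute-force run that ends in a successful root login both come out as critical and are routed to automatic response; the blocked SQLi probe and the external root login are stored for the analyst. The two analysis passes deliberately differ in shape: rules look at one event at a time, while the anomaly pass keeps per-source-IP state, which is why the diagram separates rule-based alerting from the abnormal-behaviour path.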