CPC H04L 63/1433 (2013.01) [H04L 9/40 (2022.05); H04L 63/1425 (2013.01); H04L 63/20 (2013.01); H04L 69/00 (2013.01)]
20 Claims
1. A validity verification method comprising:
receiving, using at least one processor, an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed corresponding to a potential attack, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule used to filter the plurality of events received by the different security devices;
registering, using the at least one processor, the event to be analyzed;
collecting, using the at least one processor, raw data associated with the registered event from a security device corresponding to the registered event among the different security devices in response to the registration of the event;
acquiring, using the at least one processor, location information of an intended network location associated with a network attack based on the collected raw data;
simulating, using the at least one processor, a network attack using the acquired location information based on the network attack corresponding to the registered event;
determining, using the at least one processor, a validity status of the registered event based on the simulated network attack;
generating, using the at least one processor, an exceptional processing message of the registered event based on results of the determining the validity status of the registered event; and
transmitting, using the at least one processor, the generated exceptional processing message to the SIEM server.
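As an added illustration (not code from the patent or its assignee): a Python sketch of the claimed pipeline run over constructed data. The "simulate a network attack" step is modelled as an offline check against an asset inventory rather than any live traffic, and every log line, host, port, signature id and service name below is invented for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample data (not from the patent): raw logs keyed by security device,
# and an asset inventory that the simulation step consults instead of sending traffic.
RAW_LOGS = {
    "ids-01": "ts=1700000000 sig=SQLI-001 src=198.51.100.7 dst=10.0.0.5 dport=8080",
    "waf-02": "ts=1700000005 sig=SQLI-001 src=198.51.100.7 dst=10.0.0.9 dport=443",
}
ASSETS = {  # host -> {open port: service running there}
    "10.0.0.5": {8080: "legacy-webapp"},
    "10.0.0.9": {443: "static-site"},
}
AFFECTED_SERVICES = {"SQLI-001": {"legacy-webapp"}}  # constructed signature -> affected services

@dataclass
class Event:
    event_id: str   # id assigned by the SIEM when it forwarded the event
    device: str     # security device that originally detected it
    attack: str     # signature / attack type the correlation rule matched

def register(event: Event, registry: dict) -> Event:
    registry[event.event_id] = event  # step: register the event to be analyzed
    return event

def collect_raw_data(event: Event) -> str:
    return RAW_LOGS[event.device]  # step: pull raw data from the originating device

def acquire_location(raw: str) -> tuple[str, int]:
    # step: extract the intended network location (destination host and port)
    m = re.search(r"dst=(\S+) dport=(\d+)", raw)
    if not m:
        raise ValueError("no destination in raw data")
    return m.group(1), int(m.group(2))

def simulate_attack(attack: str, location: tuple[str, int]) -> bool:
    # Offline stand-in for the simulation step: the event is treated as a real hit
    # only if the port is open in inventory and its service is affected by the signature.
    host, port = location
    service = ASSETS.get(host, {}).get(port)
    return service is not None and service in AFFECTED_SERVICES.get(attack, set())

def verify(event: Event, registry: dict) -> dict:
    register(event, registry)
    loc = acquire_location(collect_raw_data(event))
    status = "valid" if simulate_attack(event.attack, loc) else "invalid"
    # Exceptional processing message that would be transmitted back to the SIEM
    return {"event_id": event.event_id, "target": f"{loc[0]}:{loc[1]}", "status": status}
```

The second constructed event resolves to "invalid" because the service behind 10.0.0.9:443 is not in the affected set, which is the false-positive case the validity status is meant to flag.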