%0 Journal Article
%T A Framework for Cybersecurity Alert Distribution and Response Network (ADRIAN)
%A Akarshita Shankar
%A Vijay Madisetti
%J Journal of Software Engineering and Applications
%P 396-420
%@ 1945-3124
%D 2024
%I Scientific Research Publishing
%R 10.4236/jsea.2024.175022
%X Security Information and Event Management (SIEM) platforms are critical for organizations to monitor and manage their security operations centers. However, organizations using SIEM platforms have several challenges such as inefficiency of alert management and integration with real-time communication tools. These challenges cause delays and cost penalties for organizations in their efforts to resolve the alerts and potential security breaches. This paper introduces a cybersecurity Alert Distribution and Response Network (Adrian) system. Adrian introduces a novel enhancement to SIEM platforms by integrating SIEM functionalities with real-time collaboration platforms. Adrian leverages the uniquity of mobile applications of collaboration platforms to provide real-time alerts, enabling a two-way communication channel that facilitates immediate response to security incidents and efficient SIEM platform management. To demonstrate Adrian’s capabilities, we have introduced a case-study that integrates Wazuh, a SIEM platform, to Slack, a collaboration platform. The case study demonstrates all the functionalities of Adrian including the real-time alert distribution, alert customization, alert categorization, and enablement of management activities, thereby increasing the responsiveness and efficiency of Adrian’s capabilities. The study concludes with a discussion on the potential expansion of Adrian’s capabilities including the incorporation of artificial intelligence (AI) for enhanced alert prioritization and response automation.
%K SIEM Platforms
%K Alert Distribution
%K Incident Response Automation
%K SIEM Management
%K Collaboration Platform
%U http://www.scirp.org/journal/PaperInformation.aspx?PaperID=133624