{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T00:15:23Z","timestamp":1773879323697,"version":"3.50.1"},"reference-count":38,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T00:00:00Z","timestamp":1658880000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T00:00:00Z","timestamp":1658880000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,7,27]]},"DOI":"10.1109\/csr54599.2022.9850281","type":"proceedings-article","created":{"date-parts":[[2022,8,16]],"date-time":"2022-08-16T19:35:46Z","timestamp":1660678546000},"page":"171-177","source":"Crossref","is-referenced-by-count":9,"title":["How to Build a SOC on a Budget"],"prefix":"10.1109","author":[{"given":"Risto","family":"Vaarandi","sequence":"first","affiliation":[{"name":"Tallinn University of Technology,Centre for Digital Forensics and Cyber Security,Tallinn,Estonia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sten","family":"Mases","sequence":"additional","affiliation":[{"name":"Tallinn University of Technology,Centre for Digital Forensics and Cyber Security,Tallinn,Estonia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/CSR51186.2021.9527926"},{"key":"ref33","article-title":"Rfc5425: Transport layer security (tls) transport mapping for syslog","author":"miao","year":"2009"},{"key":"ref32","article-title":"High performance configuration","year":"0","journal-title":"Suricata documentation"},{"key":"ref31","article-title":"Efficient normalization of it log messages under realtime conditions","author":"gerhards","year":"2016"},{"key":"ref30","article-title":"Logstash performance tuning","year":"0","journal-title":"Logstash documentation"},{"key":"ref37","article-title":"Pushing suricata towards 80Gbps and more","author":"appel","year":"2019"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/COGSIMA.2015.7108181"},{"key":"ref35","article-title":"Ten strategies of a world-class cybersecurity operations centre. the mitre corporation","author":"zimmerman","year":"2014"},{"key":"ref34","article-title":"Syslog-ng","year":"0","journal-title":"Syslog-ng home page"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359791"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.3390\/bdcc2040035"},{"key":"ref12","first-page":"1","article-title":"99% false positives: A qualitative study of soc analysts&#x2019; perspectives on security alarms","author":"alahmadi","year":"2022","journal-title":"Proceedings of the 31st USENIX Security Symposium (USENIX Security)"},{"key":"ref13","first-page":"108","article-title":"Development of a virtualized security operations center","volume":"37","author":"de c\u00e9spedes iii","year":"2021","journal-title":"Journal of Computing Sciences in Colleges"},{"key":"ref14","article-title":"Elastic stack","year":"0","journal-title":"Elastic Stack home page"},{"key":"ref15","author":"kavanagh","year":"2021","journal-title":"Gartner Magic Quadrant for Security Information and Event Management"},{"key":"ref16","author":"horovits","year":"2020","journal-title":"The Complete Guide to the ELK Stack"},{"key":"ref17","article-title":"Graylog - industry leading log management","year":"0"},{"key":"ref18","article-title":"Wazuh - the open source security platform","year":"0"},{"key":"ref19","article-title":"Beats","year":"0","journal-title":"Beats home page"},{"key":"ref28","article-title":"A question about the elasticsearch-http driver","year":"0","journal-title":"Syslog-ng mailing list"},{"key":"ref4","article-title":"Common and best practices for security operations centers: Results of the 2019 soc survey","author":"crowley","year":"2019","journal-title":"SANS Bethesda MD USA Tech Rep"},{"key":"ref27","first-page":"278","article-title":"Comparative analysis of open-source log management solutions for security monitoring and network forensics","author":"vaarandi","year":"2013","journal-title":"Proceedings of the 2013 European Conference on Information Warfare and Security"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-47238-6_18"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/GIOTS49054.2020.9119680"},{"key":"ref29","article-title":"Suricata","year":"0","journal-title":"Suricata home page"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354239"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/WETICE.2019.00035"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2017.8004902"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/SACI.2018.8440963"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3045514"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006073"},{"key":"ref20","article-title":"Filebeat","year":"0"},{"key":"ref22","article-title":"Database security cheat sheet","year":"0"},{"key":"ref21","article-title":"Configure the elasticsearch output","year":"0","journal-title":"File-beat documentation"},{"key":"ref24","article-title":"Configure the logstash output","year":"0","journal-title":"File-beat documentation"},{"key":"ref23","article-title":"Logstash","year":"0","journal-title":"Logstash home page"},{"key":"ref26","article-title":"5 logstash alternatives (2022 comparison)","author":"gheorghe","year":"2022","journal-title":"SEMAT blog"},{"key":"ref25","article-title":"Rsyslog","year":"0","journal-title":"Rsyslog home page"}],"event":{"name":"2022 IEEE International Conference on Cyber Security and Resilience (CSR)","location":"Rhodes, Greece","start":{"date-parts":[[2022,7,27]]},"end":{"date-parts":[[2022,7,29]]}},"container-title":["2022 IEEE International Conference on Cyber Security and Resilience (CSR)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9850275\/9850277\/09850281.pdf?arnumber=9850281","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,5]],"date-time":"2022-09-05T20:22:52Z","timestamp":1662409372000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9850281\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,27]]},"references-count":38,"URL":"https:\/\/doi.org\/10.1109\/csr54599.2022.9850281","relation":{},"subject":[],"published":{"date-parts":[[2022,7,27]]}}}