{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T16:55:57Z","timestamp":1754153757045,"version":"3.41.2"},"reference-count":0,"publisher":"ECMS","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,6,24]]},"abstract":"<jats:p>The article focuses on the implementation and configuration of the Splunk Enterprise Security SIEM (Security Information and Event Management) system in a test environment. The objective of the research was to analyze the system's effectiveness in detecting cyber threats, its practical application, and optimization possibilities. As part of the experiments, simulations of real-world attacks\u2014such as brute-force attempts, privilege escalation, and network configuration changes\u2014were conducted to verify the effectiveness of custom detection rules.\n\nThe study included a detailed assessment of the SIEM architecture, the process of creating and optimizing detection rules, and an analysis of the system's effectiveness in threat detection. Particular attention was given to the issue of false positives and methods for their minimization. Additionally, challenges related to log configuration and management were analyzed, and the impact of customized detection rules on the system's overall efficiency was evaluated.\n\nThe analysis results indicate that proper configuration of the SIEM system can significantly enhance IT security by reducing detection and response times for incidents. However, the system's effectiveness largely depends on its adaptation to the specific requirements of an organization. The conclusions drawn from this research can serve as a foundation for further work on optimizing SIEM systems and integrating them with advanced automation and behavioral analysis technologies.<\/jats:p>","DOI":"10.7148\/2025-0269","type":"proceedings-article","created":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T12:36:52Z","timestamp":1753274212000},"page":"269-275","source":"Crossref","is-referenced-by-count":0,"title":["Implementation Of A SIEM System Using Splunk And The Enterprise Security Module And Analysis Of Its Effectiveness In Detecting Cyber Threats"],"prefix":"10.7148","author":[{"given":"Maciej","family":"Kozak","sequence":"first","affiliation":[]},{"given":"Anna","family":"Plichta","sequence":"additional","affiliation":[]}],"member":"4144","published-online":{"date-parts":[[2025,6,24]]},"event":{"name":"39th ECMS International Conference on Modelling and Simulation"},"container-title":["ECMS 2025 Proceedings edited by Marco Scarpa, Salvatore Cavalieri, Salvatore Serrano, Fabrizio De Vita"],"original-title":[],"deposited":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T12:36:54Z","timestamp":1753274214000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.scs-europe.net\/dlib\/2025\/2025-0269.html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,24]]},"references-count":0,"URL":"https:\/\/doi.org\/10.7148\/2025-0269","relation":{},"subject":[],"published":{"date-parts":[[2025,6,24]]}}}
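The abstract above describes custom detection rules for simulated brute-force attempts and the effort spent on minimizing false positives, but the record does not include the rules themselves. The following is an added example, not code from the paper or from Splunk, showing the shape such a rule takes when expressed as detection logic over authentication log lines: a per-source failure count in a sliding time window, alert suppression so one burst raises one alert, an escalated alert when a success follows the burst from the same source, and an allowlist for sources known to produce benign failures (a vulnerability scanner, for instance). The log format, field names, IP addresses and accounts are constructed for illustration.

```python
"""Brute-force detection over authentication logs (added example, not the paper's code).

Hypothetical sshd-like log format; sample lines are constructed, not real data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: a legitimate user with two typos (carol), an attacker
# spraying several accounts and then succeeding as bob, and a scanner service account.
SAMPLE_LOGS = """\
2025-03-10T09:00:01Z sshd Failed password for carol from 192.0.2.20
2025-03-10T09:00:07Z sshd Failed password for carol from 192.0.2.20
2025-03-10T09:00:15Z sshd Accepted password for carol from 192.0.2.20
2025-03-10T09:01:00Z sshd Failed password for admin from 203.0.113.5
2025-03-10T09:01:02Z sshd Failed password for root from 203.0.113.5
2025-03-10T09:01:04Z sshd Failed password for test from 203.0.113.5
2025-03-10T09:01:06Z sshd Failed password for bob from 203.0.113.5
2025-03-10T09:01:08Z sshd Failed password for bob from 203.0.113.5
2025-03-10T09:01:10Z sshd Failed password for bob from 203.0.113.5
2025-03-10T09:01:30Z sshd Accepted password for bob from 203.0.113.5
2025-03-10T09:02:00Z sshd Failed password for svc-scan from 198.51.100.10
2025-03-10T09:02:10Z sshd Failed password for svc-scan from 198.51.100.10
2025-03-10T09:02:20Z sshd Failed password for svc-scan from 198.51.100.10
2025-03-10T09:02:30Z sshd Failed password for svc-scan from 198.51.100.10
2025-03-10T09:02:40Z sshd Failed password for svc-scan from 198.51.100.10
2025-03-10T09:02:50Z sshd Failed password for svc-scan from 198.51.100.10
""".splitlines()

# Hypothetical line format: "<iso-timestamp> sshd <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(r"^(\S+) sshd (Failed|Accepted) password for (\S+) from (\S+)$")


def parse_line(line):
    """Return a normalized event dict, or None for lines the rule does not care about."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts_text, outcome, user, src = m.groups()
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return {"ts": ts, "outcome": outcome, "user": user, "src": src}


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5), allowlist=frozenset()):
    """Run the brute-force rule over log lines and return the alerts it raises, in order.

    threshold: failures from one source within `window` that trigger an alert.
    allowlist: source addresses whose failures are never alerted on (false-positive control).
    """
    failures = defaultdict(deque)  # src -> timestamps of failures inside the sliding window
    flagged = {}                   # src -> time its most recent brute_force alert fired
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["src"] in allowlist:
            continue
        q = failures[ev["src"]]
        # Expire failures that fell out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            already_alerted = ev["src"] in flagged and ev["ts"] - flagged[ev["src"]] <= window
            # Alert once per window per source, not once per failure past the threshold.
            if len(q) >= threshold and not already_alerted:
                flagged[ev["src"]] = ev["ts"]
                alerts.append({"rule": "brute_force", "src": ev["src"],
                               "failures": len(q), "ts": ev["ts"]})
        else:
            # A success shortly after a flagged burst is the high-fidelity signal.
            if ev["src"] in flagged and ev["ts"] - flagged.pop(ev["src"]) <= window:
                alerts.append({"rule": "brute_force_success", "src": ev["src"],
                               "user": ev["user"], "ts": ev["ts"]})
            q.clear()  # a successful login ends the failure streak for this source
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS, allowlist=frozenset({"198.51.100.10"})):
        print(alert)
```

With the scanner allowlisted the rule raises exactly two alerts, both for 203.0.113.5: `brute_force` on the fifth failure and `brute_force_success` when bob's login follows; carol's two typos never reach the threshold. Without the allowlist the scanner adds a third alert, which is the kind of recurring false positive the abstract says the authors worked to suppress. In Splunk Enterprise Security the same logic would live in a correlation search that counts failed authentications per source over a time window; the paper's actual searches are not reproduced in this record.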