技術摘要(英)
At present, domestic SOC service providers mostly use "Security Information and Event Management (SIEM)" to aggregate alert events from various security appliance or host audit logs, but still require a significant amount of manpower to analyze those events, and lack assistance technologies or systems for automating or semi-automating the correlation of security events.