Journal of Information Security Research (信息安全研究) ›› 2020, Vol. 6 ›› Issue (10): 0-0.

• Special Topic: Xinchuang (IT Application Innovation) Security •

Research on Network Security Incident Operations Technology for the Domestic Product Ecosystem (面向国产生态的网络安全事件运维技术研究)

WANG Yan (王妍), LÜ Qiujian (吕遒健), MA Xiu (马秀)

  1. Institute of Information Engineering, Chinese Academy of Sciences (中国科学院信息工程研究所)
  • Received: 2020-10-09 Online: 2020-10-10 Published: 2020-10-10
  • Corresponding author: WANG Yan (王妍)

Discussion on Network Security Operation and Incident Automatic Disposal Technology for Domestic Product Ecology


Abstract (translated): The current complex and severe international situation makes it urgent for China to develop autonomous and controllable basic software and hardware products together with their ecosystem industrial chain, and the steadily maturing industrial chain has driven the large-scale rollout of network localization replacement projects. Network security incidents such as external network attacks and insider threats have occurred continuously for a long time. For networks built on the domestic product ecosystem, how to fully exploit the advantages of the autonomous and controllable industrial chain and improve the capability for network security operations and incident handling is a hot issue for security operations staff. Drawing on the characteristics of the domestic product ecosystem and of the networks built with it, and based on advanced automated network operations techniques, this paper discusses the key technologies of a network security operations and automated incident handling mechanism. By building a multi-source data fusion management capability and a collaboration capability between products within the ecosystem, it addresses the long-standing operational problems of data fragmentation and inefficient incident handling, achieves comprehensive analysis of security incidents within the network together with fast and efficient automated response and handling, improves the network security operations capability of the domestic product ecosystem, and strengthens the network's active defense capability.

Keywords (translated): domestic product ecosystem, network security operations, incident handling, automated response, SOAR

Abstract: With the increasingly complex and serious international situation, it is urgent for China to develop basic software and hardware products and their ecosystem industrial chain based on autonomy and controllability. The maturing of the industrial chain has promoted the widespread rollout of network localization replacement projects. For a long time, cyber security incidents such as external cyber-attacks and insider threats have occurred frequently. How to fully integrate the advantages of the independent and controllable industrial chain and improve the capability for network security operations and incident handling is a hot issue for network operators. Combining the domestic product ecosystem with the characteristics of the networks built on it, this paper discusses the key technologies of a network security operations and automated incident handling mechanism, builds a multi-source data fusion management capability and a collaboration capability among products within the ecosystem, solves the long-standing problems of data fragmentation and low efficiency of incident handling, realizes comprehensive analysis of security incidents as well as efficient automated response and handling, and enhances the network security operations capability of the domestic product ecosystem.
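To make the abstract's two building blocks concrete, "multi-source data fusion" (one schema for events produced by different products in the ecosystem) and "automated disposal" (a SOAR-style playbook that drives those products' response interfaces), the following is an added example and not code from the paper or from any product it discusses. The three record formats (a firewall syslog line, an EDR JSON event, an IDS CSV row), their field names, the 10.0.0.0/8 internal range, the two-product agreement rule, and the connector names `firewall_block`, `edr_isolate` and `open_ticket` are all assumptions chosen for illustration; the connectors are stubs that return the action they would take rather than calling a real management API. The sample records are constructed.

```python
"""Added example (not from the paper): normalize events from several products
into one schema, correlate them per target asset inside a time window, and run
a SOAR-style playbook through stub connectors. Product formats, field names,
internal ranges and connector APIs below are assumptions for illustration."""
import ipaddress
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records from three hypothetical ecosystem products:
# a firewall syslog line, an EDR JSON event and an IDS CSV row.
SAMPLE_INPUT = [
    ("firewall", "2020-10-09T08:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=445"),
    ("edr", '{"ts":"2020-10-09T08:00:20Z","host":"srv-db-01","ip":"10.0.0.5",'
            '"event":"suspicious_process","proc":"psexec.exe"}'),
    ("ids", "2020-10-09T08:00:35Z,203.0.113.7,10.0.0.5,ET SCAN SMB Bruteforce,high"),
    ("firewall", "2020-10-09T09:30:00Z fw01 ALLOW src=192.0.2.9 dst=10.0.0.8 dport=443"),
]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal ranges
SEVERITY_RANK = {"info": 0, "low": 1, "high": 2}
FW_RE = re.compile(r"(?P<ts>\S+) (?P<dev>\S+) (?P<action>ALLOW|DENY) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def is_external(ip):
    return not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def normalize(records):
    """Fusion step 1: map each product's native record onto one common schema."""
    out = []
    for source, raw in records:
        if source == "firewall":
            m = FW_RE.match(raw)
            if not m:          # unparseable lines are skipped, never guessed
                continue
            out.append({"ts": parse_ts(m["ts"]), "source": source, "src_ip": m["src"],
                        "dst_ip": m["dst"], "host": None,
                        "severity": "low" if m["action"] == "DENY" else "info",
                        "signal": f"fw_{m['action'].lower()}:{m['dport']}"})
        elif source == "edr":
            d = json.loads(raw)
            out.append({"ts": parse_ts(d["ts"]), "source": source, "src_ip": None,
                        "dst_ip": d["ip"], "host": d["host"], "severity": "high",
                        "signal": f"edr_{d['event']}:{d['proc']}"})
        elif source == "ids":
            ts, src, dst, sig, sev = raw.split(",")
            out.append({"ts": parse_ts(ts), "source": source, "src_ip": src,
                        "dst_ip": dst, "host": None, "severity": sev, "signal": sig})
    return sorted(out, key=lambda e: e["ts"])

def _close(asset, bucket):
    """A bucket becomes an incident only when at least two products agree."""
    sources = {e["source"] for e in bucket}
    if len(sources) < 2:
        return []
    return [{"asset": asset, "sources": sorted(sources),
             "severity": max((e["severity"] for e in bucket),
                             key=lambda s: SEVERITY_RANK.get(s, 0)),
             "attackers": sorted({e["src_ip"] for e in bucket
                                  if e["src_ip"] and is_external(e["src_ip"])}),
             "hosts": sorted({e["host"] for e in bucket if e["host"]}),
             "events": bucket}]

def correlate(events, window_seconds=300):
    """Fusion step 2: group events by target asset inside a time window."""
    incidents, by_asset = [], defaultdict(list)
    for e in events:
        by_asset[e["dst_ip"]].append(e)
    for asset, evs in by_asset.items():
        bucket = []
        for e in evs:
            if bucket and (e["ts"] - bucket[0]["ts"]).total_seconds() > window_seconds:
                incidents.extend(_close(asset, bucket))
                bucket = []
            bucket.append(e)
        incidents.extend(_close(asset, bucket))
    return incidents

# Stub connectors (assumed names): real ones would call each product's API.
def firewall_block(ip): return f"firewall.block_ip({ip})"
def edr_isolate(host): return f"edr.isolate_host({host})"
def open_ticket(inc):
    return f"ticket.open(asset={inc['asset']},sev={inc['severity']},sources={'+'.join(inc['sources'])})"

def playbook(inc):
    """Automated disposal: containment only for high severity, a ticket always."""
    actions = []
    if inc["severity"] == "high":
        actions += [firewall_block(ip) for ip in inc["attackers"]]
        actions += [edr_isolate(h) for h in inc["hosts"]]
    actions.append(open_ticket(inc))
    return actions

def run(records, window_seconds=300):
    """End to end: normalize -> correlate -> one action list per incident."""
    return [playbook(i) for i in correlate(normalize(records), window_seconds)]
```

Running `run(SAMPLE_INPUT)` yields one incident on 10.0.0.5, confirmed by the firewall, EDR and IDS, with a block of 203.0.113.7, isolation of srv-db-01 and a ticket; the lone ALLOW record for 10.0.0.8 produces nothing, and shrinking the window to 10 seconds splits the evidence so no single product reaches the two-source threshold. The two-source rule is the check that keeps a noisy sensor from triggering containment on its own; a production playbook would also require an approval step before isolating a host.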

Key words: domestic product ecology, network security operation, event handling, automatic response, SOAR