Abstract
In a log analysis cooperation system 1000 including a logger 901 that collects a log of a communication device 904 and stores the log in a storage device, a SIEM apparatus 902 that detects an attack, and a log analysis apparatus 903 that analyzes the log collected by the logger 901, a log analysis cooperation apparatus 1 stores an attack scenario 1104 in a storage device, receives from the SIEM apparatus 902 warning information 1201' including information on the detected attack, computes, based on the warning information 1201' and the attack scenario 1104, a predicted occurrence time of an attack predicted to occur subsequent to the detected attack, and transmits to the log analysis apparatus 903 a scheduled search 915 to search the log at the computed predicted occurrence time. The log analysis apparatus 903 transmits a scheduled search 916 to the logger 901 to search the log at the predicted occurrence time.
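As an added illustration, not code from the patent, the following Python sketches the computation the cooperation apparatus performs: an attack scenario held as an ordered list of stages with typical inter-stage delays, warning information from the SIEM giving the detected stage, time and source, and the scheduled searches derived from them for every stage expected to follow. The stage names, delays, search margin and query format are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed attack scenario (hypothetical values): ordered attack stages and
# the typical delay, in seconds, from the previous stage to this one.
ATTACK_SCENARIO = [
    ("port_scan", 0),
    ("exploit_attempt", 600),
    ("malware_download", 300),
    ("c2_beacon", 1800),
]

@dataclass
class WarningInfo:
    """Warning information received from the SIEM: attack name, time, source."""
    attack_name: str
    detected_at: datetime
    src_ip: str

    @classmethod
    def from_iso(cls, attack_name: str, iso_time: str, src_ip: str):
        return cls(attack_name, datetime.fromisoformat(iso_time), src_ip)

@dataclass
class ScheduledSearch:
    """Search the log analysis apparatus is asked to run at a given time."""
    attack_name: str
    search_at: datetime
    query: str

def predict_subsequent(scenario, warning, margin=timedelta(seconds=120)) -> List[ScheduledSearch]:
    """Return one ScheduledSearch per stage expected after the detected one.

    Each predicted occurrence time is the detection time plus the cumulative
    scenario delays; the search is scheduled `margin` later so the log entry
    has reached the logger. Unknown or final stages yield an empty list.
    """
    names = [name for name, _ in scenario]
    if warning.attack_name not in names:
        return []
    searches = []
    predicted = warning.detected_at
    for name, delay in scenario[names.index(warning.attack_name) + 1:]:
        predicted += timedelta(seconds=delay)
        # Query format is an assumption; a real deployment uses the logger's own syntax.
        query = f'src_ip="{warning.src_ip}" event="{name}"'
        searches.append(ScheduledSearch(name, predicted + margin, query))
    return searches

if __name__ == "__main__":
    w = WarningInfo.from_iso("port_scan", "2024-01-01T00:00:00", "203.0.113.5")
    for s in predict_subsequent(ATTACK_SCENARIO, w):
        print(f"{s.search_at.isoformat()}  {s.query}")
```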