Enterprise Security Management System
PURPOSE: A unified security management system is provided to normalize event logs, generated by various hacking detection systems, into mapping event logs by using a mapping table reclassified according to a detection type and a risk degree.

CONSTITUTION: The system comprises an agent (10), a manager (20), and a user interface. The agent (10) includes a collector, a storage, and a controller. The collector collects event logs from hacking detection systems. The storage stores a mapping table reclassified according to a hacking detection type and a risk degree. The controller normalizes the collected event logs into mapping event logs by comparing the collected event logs with the mapping table. The manager receives the normalized mapping event logs, analyzes them, generates corresponding messages according to an analysis result, and transmits the corresponding messages to a console. The user interface analyzes the corresponding messages transmitted from the manager (20), outputs the analyzed corresponding message, and adds or modifies the hacking detection types. If the mapping event log has a low risk, the manager outputs a simple event message as the corresponding message, but if the mapping event log has a high risk, the manager outputs an alarm event message as the corresponding message.
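The agent-to-manager flow described above, sketched as an added Python example that is not taken from the patent. The source names (`ids-a`, `fw-b`), native event names, log formats, risk labels and the fail-to-alarm default for unmapped events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Mapping table in the agent's storage (constructed sample entries):
# (source system, native event name) -> (unified detection type, risk degree)
MAPPING_TABLE = {
    ("ids-a", "SCAN_TCP_SYN"): ("port_scan", "low"),
    ("ids-a", "HTTP_SQLI_SIG"): ("web_attack", "high"),
    ("fw-b", "deny-sweep"): ("port_scan", "low"),
    ("fw-b", "blocked-sql-pattern"): ("web_attack", "high"),
}
# Assumption: events missing from the table are alarmed so an operator reviews them.
UNMAPPED = ("unclassified", "high")

@dataclass(frozen=True)
class MappingEvent:
    source: str
    detection_type: str
    risk: str
    src_ip: str

def collect(source, line):
    """Collector: extract (native event name, source IP) from each system's own format."""
    if source == "ids-a":  # space-separated key=value pairs
        kv = dict(part.split("=", 1) for part in line.split())
        return kv["sig"], kv["src"]
    if source == "fw-b":   # comma-separated: time,action,src
        _, action, src = line.split(",")
        return action, src
    raise ValueError(f"no collector for {source}")

def normalize(source, line):
    """Controller: compare the collected log with the mapping table."""
    native, src_ip = collect(source, line)
    detection_type, risk = MAPPING_TABLE.get((source, native), UNMAPPED)
    return MappingEvent(source, detection_type, risk, src_ip)

def manager_message(ev):
    """Manager: low risk -> simple event message, high risk -> alarm event message."""
    kind = "ALARM" if ev.risk == "high" else "EVENT"
    return f"{kind} {ev.detection_type} from {ev.src_ip} (reported by {ev.source})"

# Constructed sample logs; addresses are from documentation ranges.
SAMPLE_LOGS = [
    ("ids-a", "ts=1700000000 sig=HTTP_SQLI_SIG src=192.0.2.10"),
    ("fw-b", "2023-11-14T22:13:20Z,deny-sweep,198.51.100.7"),
    ("fw-b", "2023-11-14T22:13:25Z,blocked-sql-pattern,192.0.2.10"),
    ("ids-a", "ts=1700000030 sig=NEW_UNKNOWN_SIG src=203.0.113.5"),
]

def run(logs=SAMPLE_LOGS):
    return [manager_message(normalize(source, line)) for source, line in logs]

if __name__ == "__main__":
    print("\n".join(run()))
```

Two differently formatted logs for the same activity normalize to one detection type, so the manager can apply a single risk rule regardless of which detection system reported it.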