Building an analytical system for event analysis to ensure information security of the enterprise


Bibliographic Details
Main Authors: Svetlana A. Kuzmicheva, Olesya V. Tarabrina
Format: Article
Language: English
Published: Joint Stock Company "Experimental Scientific and Production Association SPELS", 2019-03-01
Series: Безопасность информационных технологий
Subjects:
Online Access: https://bit.mephi.ru/index.php/bit/article/view/1175
Description
Summary: The task of ensuring the information security of critical information infrastructures in the Russian Federation has been raised to the state level. It requires securing information systems, communication networks and technological systems. To prevent possible incidents and meet the requirements of the state, organizations should create a security system for their critical information infrastructures, ensure that it functions, and connect it to the National Coordination Center for Computer Incidents in order to collect and exchange information about computer attacks. In this paper the authors present an approach to the development of an analytical system for information security based on machine learning, which allows analyzing a large number of events and making informed decisions on information security management. A list of the main sources of information security events in systems and networks was worked out, and a classification of events for further analysis using machine learning was proposed. By classifying the events obtained from different systems, and by applying an integrated approach to assessing the situation, it is possible to draw a conclusion about the state of the entire protected object in real time.
ISSN: 2074-7128 (print), 2074-7136 (online)