Chinese title: | Design and Implementation of a Security Situational Awareness System Based on Multi-Source Logs |
Name: | |
Confidentiality level: | Public |
Thesis language: | Chinese |
Discipline code: | 080901 |
Discipline/major: | |
Student type: | Bachelor |
Degree: | Bachelor of Science |
Degree year: | 2020 |
School: | Beijing Normal University (北京师范大学) |
Campus: | |
College/faculty: | |
First supervisor name: | |
First supervisor affiliation: | |
Submission date: | 2020-06-23 |
Defense date: | 2020-05-16 |
Chinese keywords: | |
Chinese abstract: |
In today's network environments logs are collected everywhere, yet they rarely deliver the value they should. Logs are produced in enormous volume and a large share of them is redundant; relying solely on an administrator's effort to sift through them means important information is missed. At the same time, a typical network runs several different security devices at once, which together form its security defense system, and a single attack leaves traces on several of these devices simultaneously. This thesis therefore proposes building a security situational awareness system that uses Beats together with Logstash to collect log data from multiple security devices and load it into Elasticsearch, then performs single-source log visualization and multi-source log correlation analysis in Kibana. By exploiting the complementarity between these logs, the system acquires, analyzes and understands security-situation element information, which improves the reliability of alert data and thereby the precision of network security situational awareness. Testing shows that the system successfully extracts situational element information and constructs the principal security events, achieving the goal of improving the precision of security situational awareness.
|
Foreign-language abstract: |
In the current network environment logs are widely used, but they have not played their due role: the number of logs is huge and a large proportion of their content is redundant, so relying only on an administrator's effort to troubleshoot will miss important information. In the current network, many different security devices often exist at the same time and together constitute a network security defense system, and a single cyber attack can leave traces on multiple security devices at once. Therefore, this paper proposes building a security situational awareness system that uses Beats and Logstash to collect log information from multiple security devices and import it into Elasticsearch, and then performs single-source log visualization and multi-source log correlation analysis in Kibana to take advantage of the complementarity between these logs, acquiring, analyzing and understanding the information of security situation elements. This effectively improves the reliability of alarm information, thereby further improving the accuracy of network security situation awareness. After testing, the system successfully extracted the situational element information, constructed the main security incidents, and achieved the goal of improving the accuracy of security situational awareness. |
Total references: | 11 |
Call number: | 本080901/20051 |
Open access date: | 2021-06-23 |