Guideline: Analysis of incidents
Main Description

This study must be carried out by the incident response team, because candidate events may be false positives: an event labelled as an incident that is in fact a simple system error. To reduce false positives, previously analysed cases can be used to understand the behaviour of the Big Data ecosystem better. In this type of environment it is especially important to focus the analysis on the typical functions performed during operation, i.e., the preparation, analysis and visualization of the data. An intelligence system can be implemented to carry out this task. Such a system can use the Big Data ecosystem itself as the engine that runs the machine learning techniques, or it can rely on a separate, isolated system; for example, there are SIEM (Security Information and Event Management) systems that are already built on Big Data technology. The use of Big Data analytics helps the incident response team identify patterns and threats more effectively. The output of this activity is the set of incidents that have been definitively confirmed as such.
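The following is an added example, not part of the original guideline, of how previous cases can drive the false-positive filtering described above. It assumes that each event from the Big Data ecosystem has been reduced to a set of descriptive attribute tags (the tag vocabulary, the `incident` / `false_positive` verdict labels and the whole case history are constructed for illustration). Each new event is compared with the most similar past cases; a similarity-weighted vote either confirms it as an incident, discards it as a false positive, or, when the history is inconclusive or contains nothing comparable, sends it to an analyst for review rather than guessing:

```python
"""Triage of candidate incidents against previously classified cases.

Added example (not part of the original guideline): a k-nearest-neighbour,
similarity-weighted vote over historical cases, using Jaccard similarity on
event attribute tags. All data below is constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Case:
    """A previously analysed event and the verdict the response team reached."""
    attributes: frozenset
    verdict: str  # "incident" or "false_positive"


# Constructed history of past cases from a hypothetical Big Data cluster,
# covering the three typical stages: preparation, analysis, visualization.
HISTORY = [
    Case(frozenset({"stage:preparation", "source:spark-driver", "exit_code:137", "oom"}), "false_positive"),
    Case(frozenset({"stage:preparation", "source:spark-driver", "exit_code:137", "oom", "retry_ok"}), "false_positive"),
    Case(frozenset({"stage:analysis", "source:hdfs-namenode", "auth_failure", "burst"}), "incident"),
    Case(frozenset({"stage:analysis", "source:hdfs-namenode", "auth_failure", "burst", "new_principal"}), "incident"),
    Case(frozenset({"stage:visualization", "source:dashboard", "export", "bulk", "off_hours"}), "incident"),
    Case(frozenset({"stage:visualization", "source:dashboard", "export", "scheduled_job"}), "false_positive"),
]

# Constructed candidate events awaiting triage.
SAMPLE_EVENTS = {
    "spark_oom": frozenset({"stage:preparation", "source:spark-driver", "exit_code:137", "oom"}),
    "namenode_auth": frozenset({"stage:analysis", "source:hdfs-namenode", "auth_failure", "burst", "new_principal"}),
    "dashboard_export": frozenset({"stage:visualization", "source:dashboard", "export"}),
    "kafka_disk": frozenset({"source:kafka-broker", "disk_full"}),
}


def jaccard(a, b):
    """Similarity of two tag sets: |a & b| / |a | b| (0.0 when both are empty)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def triage(event, history=HISTORY, k=3, min_confidence=0.6):
    """Classify one event against the case history.

    Returns (label, confidence) where label is "incident", "false_positive"
    or "review". Only neighbours with non-zero similarity vote, each with its
    similarity as weight, so an event unlike anything seen before is not
    decided by unrelated cases.
    """
    neighbours = [(jaccard(event, c.attributes), c.verdict) for c in history]
    neighbours = sorted((n for n in neighbours if n[0] > 0), reverse=True)[:k]
    if not neighbours:
        return "review", 0.0  # nothing comparable in history: an analyst must look
    weight = Counter()
    for similarity, verdict in neighbours:
        weight[verdict] += similarity
    label, top = weight.most_common(1)[0]
    confidence = top / sum(weight.values())
    if confidence < min_confidence:
        return "review", confidence  # history is split: do not auto-decide
    return label, confidence


def confirmed_incidents(events, **kwargs):
    """The output of the activity: only events definitively confirmed as incidents."""
    return [name for name, tags in events.items() if triage(tags, **kwargs)[0] == "incident"]


if __name__ == "__main__":
    for name, tags in SAMPLE_EVENTS.items():
        print(name, triage(tags))
    print("confirmed:", confirmed_incidents(SAMPLE_EVENTS))
```

The `review` outcome is the important design choice: the team's knowledge of past cases is used to discard clear repeats of known system errors and to confirm clear repeats of known incidents, while anything the history cannot settle is handed to a human rather than silently dropped or silently escalated.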

References:

  • Anastasov, I., Davcev, D.: SIEM implementation for global and distributed environments. Presented at the 2014 World Congress on Computer Applications and Information Systems, WCCAIS 2014 (2014). https://doi.org/10.1109/WCCAIS.2014.6916651.