Automatic research and judgment method for network security conjoint analysis
Format: | Patent |
Language: | chi ; eng |
Summary: | The invention discloses an automatic research and judgment method for network security conjoint analysis. The method comprises: constructing a conjoint analysis engine by integrating a Sabre streaming analysis engine, an offline analysis engine and an alarm merging engine; and receiving standardized log data and generating alarm data by running the Sabre streaming rules and analysis engine rules of the conjoint analysis engine. This solves the problem of low effectiveness and low real-time performance in network security research and judgment, and enhances network monitoring and defense capabilities. |