The evolution of SIEM correlation rules

Kaspersky Daily (Turkey), published 2026-06-04
https://www.kaspersky.com.tr/blog/kaspersky-siem-correlation-evolution/14574/

We regularly create new SIEM rules, but behind this lies a more fundamental process: the evolution of the correlation rules themselves.

Put simply, the classic logic of a SIEM system works like this: if event A occurs and event B follows, this may be a sign of an attack and an information security specialist should be notified. Under today's conditions, however, this simple scenario fails more and more often. Recently our experts examined a high-profile incident (https://securelist.com/notepad-supply-chain-attack/118708/): attackers compromised the update infrastructure of the popular Notepad++ software and distributed malware through its update mechanism. Preparing rules designed specifically for such cases in advance is simply impossible.

Attacks have become increasingly sophisticated: attackers use legitimate tools, stage supply-chain attacks by compromising software outside the corporate perimeter, stretch their scenarios out over time, and disguise their actions as normal activity. In other words, they do not "break into" the infrastructure; more often than not, they log in and use legitimate software. As a result, the classic static rules of the past either do not fire or generate too many false alerts. This is what triggered the shift toward more flexible correlation scenarios.

Dynamically updated SIEM content

Today, correlation content is not a fixed set of rules but a process; it is constantly evolving and adapting to current threats. In 2025 alone, we released 55 rule-package updates for the different versions and languages of our Kaspersky SIEM system. In just one year we added 10 new rule packages, along with 250 detection rules and numerous improvements to existing content. This year we have already added 43 new rules and updated 63 more. In total, this amounts to more than 850 rules covering a significant part of the MITRE ATT&CK framework.

Kaspersky SIEM rules are written on the basis of findings from our experts who analyze current real-world attacks: when creating these rules, we draw primarily on findings from our Managed Detection and Response (MDR) service and our threat research. As a result, our rules cover scenarios involving the newest methods used by attackers, from reconnaissance to privilege escalation. For example, we detect the use of new attack techniques such as ToolShell (https://securelist.com/toolshell-explained/117045/).

Alongside planned updates, the team regularly releases what is called "emergency content": rule sets designed to respond quickly to new and unexpected attack techniques. In February, for example, detection rules were released for authentication bypass via the SSO mechanism in Fortinet products (https://www.kaspersky.com/blog/forticloud-authentication-siem-rules/55241/): attackers used specially crafted SAML requests to gain access to systems without credentials.

From events to attack chains

In addition, modern SIEM rules now describe sequences of actions rather than individual events. Scenarios are built around the stages of an attack, from initial access to privilege escalation and persistence. The effectiveness of Kaspersky SIEM has been enhanced through integration with Kaspersky EDR and dedicated rule sets for Active Directory; these rule sets implement dozens of attack-detection scenarios at various stages. This approach lets us see the whole picture rather than just individual signals.

Integration and internal transparency

Another way to increase the effectiveness of a SIEM system is to expand its data sources. A classic SIEM collects events from different tiers of the infrastructure, from logs to telemetry from endpoints and internal systems. In addition, our SIEM system includes dedicated rule sets for our other solutions (Kaspersky Security Center, Kaspersky Security for Mail Groups, Kaspersky Anti Targeted Attack platform). These rule sets enable monitoring of administrator actions, authentication, and service status. As a result, the system not only detects attacks but also becomes a tool for monitoring internal activity.

Overall, SIEM is no longer just a set of rules; it has turned into a continuously updated detection system. Its effectiveness is determined not by the number of detections but by their relevance, their consistency, and how accurately they reflect attackers' real actions. You can follow the latest developments in the Kaspersky Unified Monitoring and Analysis Platform (SIEM) on our official product page (https://www.kaspersky.com.tr/enterprise-security/unified-monitoring-and-analysis-platform?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______).