Autonomic incident triage prioritization by performance modifier and temporal decay parameters
First Claim
1. A method for autonomic incident triage prioritization of incidents affecting a plurality of computer systems, the method performed by a computing module comprising:
receiving user defined parameters associated with each of the computer systems and receiving asset parameters associated with each asset contained within each of the computer systems;
receiving incidents affecting assets of the computer systems;
computing an incident asset score for each incident whereby the incident asset score for each incident is computed using the asset parameters associated with each asset contained within each computer system;
assigning incident severity values to each of the received incidents;
computing incident severity scores for each of the received incidents based on the incident severity value of the incident and the incident asset score of the incident;
generating a prioritized incident list based on the incident severity scores of the received incidents;
providing the prioritized incident list to security analysts;
retrieving, for each incident, identities of assets affected by the incident, wherein for each asset affected by the incident, retrieving identities of all the assets contained in a computer system related to the affected asset;
retrieving severity weightage values accorded to all the retrieved identities of assets wherein the severity weightage values are contained within the received asset parameters; and
computing the incident asset score for each incident by summing severity weightage values of assets contained in a computer system affected by the incident, summing the severity weightage values of all the assets in the computer system, and dividing the summed severity weightage values of assets contained in the computer system affected by the incident with the summed severity weightage values of all the assets in the computer system.
Abstract
This invention relates to a system and method for prioritizing an incident triage process in an autonomic manner. In particular, the system employs performance modifier indicators and temporal decay parameters to autonomously compile, adjust and demonstrate a list of prioritized incidents in a dynamic manner.
20 Claims
1. A method for autonomic incident triage prioritization of incidents affecting a plurality of computer systems (independent claim; full text as set out above under First Claim).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 17, 18, 19
11. A system for autonomic incident triage prioritization of incidents affecting a plurality of computer systems, the system comprising:
a processing unit; and
a non-transitory media readable by the processing unit, the media storing instructions that when executed by the processing unit, cause the processing unit to:
receive user defined parameters associated with each of the computer systems and receive asset parameters associated with each asset contained within each of the computer systems;
receive incidents affecting assets of the computer systems;
compute an incident asset score for each incident whereby the incident asset score for each incident is computed using the asset parameters associated with each asset contained within each computer system;
assign incident severity values to each of the received incidents;
compute incident severity scores for each of the received incidents based on the incident severity value of the incident and the incident asset score of the incident;
generate a prioritized incident list based on the incident severity scores of the received incidents;
provide the prioritized incident list to security analysts;
instructions for directing the processing unit to:
retrieve, for each incident, identities of assets affected by the incident, wherein for each asset affected by the incident, retrieving identities of all the assets contained in a computer system related to the affected asset;
retrieve severity weightage values accorded to all the retrieved identities of assets wherein the severity weightage values are contained within the received asset parameters; and
compute the incident asset score for each incident by summing severity weightage values of assets contained in a computer system affected by the incident, summing the severity weightage values of all the assets in the computer system, and divide the summed severity weightage values of assets contained in the computer system affected by the incident with the summed severity weightage values of all the assets in the computer system.
Dependent claims: 12, 13, 14, 15, 16, 20
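As an added worked example (not code from the patent or its assignee), the following Python implements the incident asset score and the incident severity score recited in claim 1 and claim 11 over a constructed asset inventory. The claims only say the severity score is "based on" the severity value and the asset score, and they recite a single computer system per incident; the product of the two values, and taking the highest per-system ratio for an incident that spans several systems, are assumptions. The performance modifier indicators and temporal decay parameters named in the abstract are not defined in the claims shown here, so they are left out. All asset ids, system ids, weightage values and incidents below are constructed sample data.

```python
"""Incident asset score and severity score as recited in claims 1 and 11.

Added worked example; not the patent's own code. Assumptions: severity score is
severity value times asset score, and an incident spanning several computer
systems takes the highest per-system ratio.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str
    system_id: str             # computer system that contains this asset
    severity_weightage: float  # "severity weightage value" from the asset parameters


@dataclass(frozen=True)
class Incident:
    incident_id: str
    affected_assets: tuple      # identities of assets affected by the incident
    severity_value: float       # assigned incident severity value (e.g. 1..5)


def index_assets(assets):
    """Index assets by id and group them by the computer system that contains them."""
    by_id = {a.asset_id: a for a in assets}
    by_system = defaultdict(list)
    for a in assets:
        by_system[a.system_id].append(a)
    return by_id, dict(by_system)


def incident_asset_score(incident, by_id, by_system):
    """Claim 1: for each affected computer system, sum the weightage of the affected
    assets in that system and divide by the summed weightage of all assets in it."""
    affected_in_system = defaultdict(float)
    # dict.fromkeys de-duplicates asset ids so one asset is never counted twice
    for asset_id in dict.fromkeys(incident.affected_assets):
        if asset_id not in by_id:
            # an unknown asset must not be silently dropped: that would shrink the
            # ratio and push a real incident down the analysts' queue
            raise KeyError(f"{incident.incident_id}: unknown asset {asset_id!r}")
        asset = by_id[asset_id]
        affected_in_system[asset.system_id] += asset.severity_weightage
    per_system = []
    for system_id, affected_sum in affected_in_system.items():
        total = sum(a.severity_weightage for a in by_system[system_id])
        # a system whose assets all carry zero weightage contributes nothing
        per_system.append(affected_sum / total if total > 0 else 0.0)
    # assumption: an incident spanning several systems takes the worst (highest) ratio
    return max(per_system, default=0.0)


def incident_severity_score(incident, by_id, by_system):
    """Assumption: the severity value scaled by the asset score (claim says 'based on')."""
    return incident.severity_value * incident_asset_score(incident, by_id, by_system)


def prioritized_incident_list(incidents, assets):
    """Return (incident_id, severity score) pairs, highest score first."""
    by_id, by_system = index_assets(assets)
    scored = [(i.incident_id, incident_severity_score(i, by_id, by_system)) for i in incidents]
    # deterministic tie-break on incident id so analysts see a stable ordering
    return sorted(scored, key=lambda item: (-item[1], item[0]))


# Constructed sample inventory and incidents (not taken from the patent).
SAMPLE_ASSETS = (
    Asset("web-01", "web", 5.0),
    Asset("web-db", "web", 10.0),
    Asset("web-cache", "web", 2.0),
    Asset("hr-app", "hr", 8.0),
    Asset("hr-db", "hr", 10.0),
)
SAMPLE_INCIDENTS = (
    Incident("INC-1", ("web-db",), 3),
    Incident("INC-2", ("hr-app",), 4),
    Incident("INC-3", ("web-01", "web-cache"), 5),
    Incident("INC-4", ("hr-db", "web-db"), 2),
)

if __name__ == "__main__":
    for incident_id, score in prioritized_incident_list(SAMPLE_INCIDENTS, SAMPLE_ASSETS):
        print(f"{incident_id}: {score:.3f}")
```

With the sample data, INC-3 ranks first even though it touches only low-weightage assets, because it carries the highest severity value and its two assets together hold 7/17 of the web system's weightage; INC-4 touches the two highest-weightage assets but its low severity value puts it last. Note that the ratio in claim 1 is relative to the containing system, so one high-value asset in a large system scores lower than the same asset alone in a small system; a practitioner would check whether that matches how assets were grouped into "computer systems" before trusting the ordering.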
Specification