Intrusion detection system enrichment based on system lifecycle

  • US 10,671,723 B2
  • Filed: 08/01/2017
  • Issued: 06/02/2020
  • Est. Priority Date: 08/01/2017
  • Status: Active Grant
First Claim

1. A computer-implemented method performed by one or more processors, the method comprising:

  • identifying, at an intrusion detection system, an indication of at least one potentially malicious action occurring in a secured environment monitored by the intrusion detection system;

  • identifying, by the intrusion detection system, an initial mitigation action associated with the at least one potentially malicious action;

  • accessing, by the intrusion detection system, a lifecycle-based context (LBC) associated with a lifecycle operations manager (LOM), the LOM responsible for managing lifecycle operations associated with at least one component in the secured environment, wherein the LBC stores information associated with at least one lifecycle operation executed by the LOM, and wherein the at least one lifecycle operation executed by the LOM includes at least one of a system copy, a system refresh, a system rename, and a system creation;

  • determining, at the intrusion detection system, whether the at least one potentially malicious action associated with the identified indication is associated with at least a portion of the information associated with at least one lifecycle operation executed by the LOM stored in the accessed LBC; and

  • in response to determining that the at least one potentially malicious action is associated with one or more of the at least one lifecycle operations;

    triggering an alternative mitigation action, wherein the alternative mitigation action is a less severe action than the initial mitigation action.
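The steps of claim 1 can be read as an alert-triage routine. The sketch below is an added illustration, not code from the patent or its assignee: it correlates an alert with LBC records and steps the mitigation down one level when a lifecycle operation accounts for it. All field names, the severity ladder, the grace window, and the requirement that system, actor and time all match are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Operation types named in the claim; every other name here is hypothetical.
LIFECYCLE_OPS = {"system_copy", "system_refresh", "system_rename", "system_creation"}
# Mitigations ordered least to most severe (constructed ladder).
SEVERITY = ["log_only", "notify_admin", "lock_account", "isolate_host"]

@dataclass(frozen=True)
class LifecycleRecord:           # one LBC entry written by the LOM
    operation: str
    systems: frozenset
    actor: str
    start: datetime
    end: datetime

@dataclass(frozen=True)
class Alert:                     # indication raised by the IDS
    action: str
    system: str
    actor: str
    time: datetime
    initial_mitigation: str

def matching_operation(alert, lbc, grace=timedelta(minutes=10)):
    """Return the LBC record that accounts for the alert, or None."""
    for rec in lbc:
        if (rec.operation in LIFECYCLE_OPS
                and alert.system in rec.systems
                and alert.actor == rec.actor
                and rec.start - grace <= alert.time <= rec.end + grace):
            return rec
    return None

def choose_mitigation(alert, lbc):
    """Return (mitigation, explaining_operation or None)."""
    rec = matching_operation(alert, lbc)
    level = SEVERITY.index(alert.initial_mitigation)
    if rec is None or level == 0:
        # No lifecycle explanation, or nothing less severe exists.
        return alert.initial_mitigation, None
    # The alternative action must be less severe than the initial one.
    return SEVERITY[level - 1], rec.operation

# Constructed sample data: a two-hour system copy from PRD to QAS.
T0 = datetime(2024, 1, 15, 2, 0)
LBC = [LifecycleRecord("system_copy", frozenset({"PRD", "QAS"}), "lom_svc",
                       T0, T0 + timedelta(hours=2))]
```

Matching on system, actor and time together keeps the downgrade narrow: the same action from another account, or after the operation window has closed, still receives the initial mitigation.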
