System and method for managing alert indications in an enterprise
Abstract
A system and method for managing alert incidents or indications in an enterprise processes information about the enterprise using tables, databases, and rules to determine whether the information is worthy of declaring an incident for action to be taken. The inputted information is filtered and throttled using the rules, decision tables, databases and defaults to display the incident in a useful format that shows a defined conclusion for analysis.
22 Claims
1. A method of declaring an incident in an enterprise comprising:
providing a number of alert indications containing information concerning an incident related to the enterprise; and
either comparing one or more of the alert indications to a set of rules, and if a match occurs between the set of rules, and the alert indication, declaring an incident based on the match, or comparing one or more of the alert indications to a decision table containing a number of defined alert events;
remembering each alert indication that matches one of the defined alert events, comparing the remembered alert indication to correlation data in the decision table, and if a match occurs between the remembered alert indication and the correlation data, declaring an incident based on the match;
or if no match occurs between the alert indication and the correlation data or the rules set, declare an incident if the alert indication meets a defined default threshold value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 21, 22
10. A system for declaring an incident in an enterprise comprising:
a) a decision table containing a number of defined alert events, and a set of correlation data that identifies patterns in alert indications inputted to the decision table, the decision table remembering inputted alert indications matching defined alert events, and declaring an incident if a match occurs between remembered alert indications and the correlated data;
a set of rules containing a number of query statements, wherein a match between at least one of the rules and the inputted alert indications result in an incident declaration; and
a set of default standards specifying a minimum value to declare an incident should a match not occur with the decision tables or set of rules.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
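
The three declaration paths recited in claims 1 and 10 (rule match, decision table with remembered alerts and correlation data, default threshold) can be illustrated in Python. This is an added example, not code from the patent; the alert field names, the single rule, the correlation pattern (three alerts from one source within 60 seconds) and the severity scale are all assumptions.

```python
from collections import defaultdict

# Every rule, table entry and threshold here is an assumed, illustrative value.
RULES = {  # name -> predicate over one alert (stands in for a query statement)
    "root-login": lambda a: a["event"] == "login_success" and a.get("user") == "root",
}
# Decision table: defined alert event -> correlation data (pattern to look for
# among remembered alerts: `count` alerts sharing `key` within `window_s`).
DECISION_TABLE = {"login_failure": {"key": "src", "count": 3, "window_s": 60}}
DEFAULT_MIN_SEVERITY = 8  # default standard used when nothing else matches

class IncidentEngine:
    def __init__(self):
        self.remembered = defaultdict(list)  # (event, key value) -> timestamps

    def process(self, alert):
        """Return a label for the declared incident, or None if none is declared."""
        for name, predicate in RULES.items():
            if predicate(alert):
                return f"rule:{name}"
        entry = DECISION_TABLE.get(alert["event"])
        if entry:
            slot = (alert["event"], alert[entry["key"]])
            times = self.remembered[slot]
            times.append(alert["ts"])  # remember the matching alert
            # Forget remembered alerts that fell out of the correlation window.
            times[:] = [t for t in times if alert["ts"] - t <= entry["window_s"]]
            if len(times) >= entry["count"]:
                times.clear()  # pattern consumed, so the next alert starts over
                return f"correlation:{slot[0]}:{slot[1]}"
        if alert["severity"] >= DEFAULT_MIN_SEVERITY:
            return "default-threshold"
        return None

# Constructed sample alerts (not from the patent).
SAMPLE_ALERTS = [
    {"ts": 0, "event": "login_failure", "src": "192.0.2.10", "severity": 3},
    {"ts": 10, "event": "login_failure", "src": "192.0.2.10", "severity": 3},
    {"ts": 20, "event": "disk_full", "src": "192.0.2.20", "severity": 9},
    {"ts": 30, "event": "login_failure", "src": "192.0.2.10", "severity": 3},
    {"ts": 40, "event": "login_success", "src": "192.0.2.10", "user": "root", "severity": 2},
    {"ts": 45, "event": "port_scan", "src": "192.0.2.30", "severity": 2},
    {"ts": 200, "event": "login_failure", "src": "192.0.2.10", "severity": 3},
]

def run(alerts):
    engine = IncidentEngine()
    return [engine.process(a) for a in alerts]
```

Of the seven sample alerts only three become incidents, one per path; the low-severity alerts that complete no pattern are throttled.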