System and method for enhancing event correlation with exploitation of external data

US 20060294222A1
Filed: 06/22/2005
Published: 12/28/2006
Est. Priority Date: 06/22/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving an event over a computer network;

identifying a correlation rule that corresponds to the event;

retrieving external data based upon the identified correlation rule;

determining whether to monitor the event based upon the external data; and

monitoring the event in response to the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enhancing event correlation with exploitation of external data is presented. A correlation engine receives events and selects a correlation rule that corresponds to the events. The correlation rule includes an event selection, a trigger condition, and a correlation conclusion. The correlation engine uses the event selection to access external data and select events based upon the external data. In turn, the correlation engine monitors the selected events and checks whether they meet the correlation rule'"'"'s trigger condition. When the events meet the correlation rule'"'"'s trigger condition, the correlation engine performs an action based upon the correlation rule'"'"'s correlation condition.

Citations

20 Claims

1. A computer-implemented method comprising:
- receiving an event over a computer network;
  
  identifying a correlation rule that corresponds to the event;
  
  retrieving external data based upon the identified correlation rule;
  
  determining whether to monitor the event based upon the external data; and
  
  monitoring the event in response to the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - identifying a trigger condition that corresponds to the correlation rule;
      
      detecting that the identified trigger condition occurred; and
      
      performing a correlation conclusion action in response to the detecting, the correlation conclusion action corresponding to the correlation rule.
  - 3. The method of claim 2 wherein the correlation conclusion action includes modifying the external data.
  - 4. The method of claim 1 wherein the determining further comprises:
    - extracting an event attribute filtering predicate from the correlation rule; and
      
      comparing the event attribute filtering predicate with event attributes that correspond to the event.
  - 5. The method of claim 1 wherein the determining further comprises:
    - extracting an external data filtering predicate from the correlation rule; and
      
      comparing the external data filtering predicate with the external data.
  - 6. The method of claim 1 wherein the external data is not included in the event or the correlation rule.
  - 7. The method of claim 1 wherein event includes an event selection, a trigger condition, and a correlation conclusion.

8. A computer program product comprising:
- a computer operable medium having computer readable code, the computer readable code effective to;
  
  receive an event over a computer network;
  
  identify a correlation rule that corresponds to the event;
  
  retrieve external data based upon the identified correlation rule;
  
  determine whether to monitor the event based upon the external data; and
  
  monitor the event in response to the determination.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8 wherein the computer readable code is further effective to:
    - identify a trigger condition that corresponds to the correlation rule;
      
      detect that the identified trigger condition occurred; and
      
      perform a correlation conclusion action in response to the detecting, the correlation conclusion action corresponding to the correlation rule.
  - 10. The computer program product of claim 9 wherein the correlation conclusion action includes modifying the external data.
  - 11. The computer program product of claim 8 wherein the computer readable code is further effective to:
    - extract an event attribute filtering predicate from the correlation rule; and
      
      compare the event attribute filtering predicate with event attributes that correspond to the event.
  - 12. The computer program product of claim 8 wherein the computer readable code is further effective to:
    - extract an external data filtering predicate from the correlation rule; and
      
      compare the external data filtering predicate with the external data.
  - 13. The computer program product of claim 8 wherein the external data is not included in the event or the correlation rule.
  - 14. The computer program product of claim 8 wherein event includes an event selection, a trigger condition, and a correlation conclusion.

15. An information handling system comprising:
- one or more processors;
  
  a memory accessible by the processors;
  
  one or more nonvolatile storage devices accessible by the processors; and
  
  an event correlation tool effective to;
  
  receive an event over a computer network;
  
  identify a correlation rule that corresponds to the event, the correlation rule included in one of the nonvolatile storage devices;
  
  retrieve external data from one of the nonvolatile storage devices based upon the identified correlation rule;
  
  determine whether to monitor the event based upon the external data; and
  
  monitor the event in response to the determination.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The information handling system of claim 15 wherein the event correlation tool is further effective to:
    - identify a trigger condition that corresponds to the correlation rule;
      
      detect that the identified trigger condition occurred; and
      
      perform a correlation conclusion action in response to the detecting, the correlation conclusion action corresponding to the correlation rule.
  - 17. The information handling system of claim 16 wherein the correlation conclusion action includes modifying the external data that is included in one of the nonvolatile storage devices.
  - 18. The information handling system of claim 15 wherein the event correlation tool is further effective to:
    - extract an event attribute filtering predicate from the correlation rule; and
      
      compare the event attribute filtering predicate with event attributes that correspond to the event.
  - 19. The information handling system of claim 15 wherein the event correlation tool is further effective to:
    - extract an external data filtering predicate from the correlation rule; and
      
      compare the external data filtering predicate with the external data.
  - 20. The information handling system of claim 15 wherein the external data is not included in the received event or the correlation rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Araujo, Carlos Cesar Ferreira, Schneider, Juergen, Biazetti, Ana Claudia, Bussani, Anthony, Dinger, John E., Feridun, Metin

Granted Patent

US 7,613,808 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 41/0631 using root cause analysis; ...

H04L 43/00 Arrangements for monitoring...

System and method for enhancing event correlation with exploitation of external data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enhancing event correlation with exploitation of external data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links