Method of managing alerts issued by intrusion detection sensors of an information security system
First Claim
1. A method of managing alerts issued by intrusion detection sensors (11a, 11b, 11c) of an information security system (1) including an alert management system (13), each alert being defined by an alert identifier and an alert content, which method includes the following steps:
- associating with each of the alerts issued by the intrusion detection sensors (11a, 11b, 11c) a description including a conjunction of valued attributes belonging to attribute domains;
- organizing the valued attributes belonging to each attribute domain into a taxonomic structure defining generalization relationships between said valued attributes, the plurality of attribute domains thus forming a plurality of taxonomic structures;
- completing the description of each of said alerts with sets of values induced by the taxonomic structures on the basis of the valued attributes of said alerts to form complete alerts; and
- storing said complete alerts in a logic file system (21) to enable them to be consulted.
Abstract
A method of managing alerts issued by intrusion detection sensors (11a, 11b, 11c) of an information security system (1) including an alert management system (13), each alert being defined by an alert identifier and an alert content. Each of the alerts issued by the intrusion detection sensors (11a, 11b, 11c) is associated with a description including a conjunction of valued attributes belonging to attribute domains. The valued attributes belonging to each attribute domain are organized into a taxonomic structure defining generalization relationships between said valued attributes, the plurality of attribute domains thus forming a plurality of taxonomic structures. The description of each of said alerts is completed with sets of values induced by the taxonomic structures on the basis of the valued attributes of said alerts to form complete alerts. The complete alerts are stored in a logic file system (21) to enable them to be consulted.
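The abstract describes four steps: attach a conjunction of valued attributes to each alert, arrange each attribute domain into a generalization taxonomy, complete the alert with every value the taxonomy induces (the value itself and all of its ancestors), and store the completed alerts so they can be queried. The Python below is an added illustration of that pipeline and is not code from the patent or its assignee. The taxonomies (source address hierarchy, attack-class hierarchy, service hierarchy), the three sample alerts and the in-memory `LogicFileSystem` class are all constructed for this example; the patent does not specify any of these values or the storage layout.

```python
"""Taxonomy-driven alert completion and conjunctive querying (added example)."""
from dataclasses import dataclass

# One taxonomy per attribute domain. Each maps a value to its direct
# generalization (parent); roots map to None. All values are constructed.
TAXONOMIES = {
    "source": {
        "10.0.1.7": "10.0.1.0/24", "10.0.1.9": "10.0.1.0/24",
        "10.0.2.3": "10.0.2.0/24",
        "10.0.1.0/24": "10.0.0.0/16", "10.0.2.0/24": "10.0.0.0/16",
        "10.0.0.0/16": "internal", "internal": None,
        "203.0.113.5": "external", "external": None,
    },
    "attack": {
        "ssh-bruteforce": "bruteforce", "http-bruteforce": "bruteforce",
        "bruteforce": "authentication", "authentication": None,
        "sqli": "injection", "injection": "web", "web": None,
    },
    "service": {
        "ssh": "remote-access", "rdp": "remote-access", "remote-access": None,
        "http": "web-server", "https": "web-server", "web-server": None,
    },
}


def generalizations(domain, value):
    """Set of values induced by the taxonomy: the value plus every ancestor.

    A value missing from the taxonomy is an error rather than silently
    treated as a root, so malformed sensor output is noticed.
    """
    parents = TAXONOMIES[domain]
    if value not in parents:
        raise KeyError(f"{value!r} is not in the {domain!r} taxonomy")
    induced = set()
    while value is not None:
        induced.add(value)
        value = parents[value]
    return induced


@dataclass
class Alert:
    ident: str        # alert identifier
    content: str      # raw alert content from the sensor
    attributes: dict  # conjunction of valued attributes, one per domain


def complete(alert):
    """Complete alert: each valued attribute becomes its induced value set."""
    return {domain: generalizations(domain, value)
            for domain, value in alert.attributes.items()}


class LogicFileSystem:
    """Stand-in for the logic file system: holds complete alerts and resolves
    a conjunction of domain=value conditions against the induced sets."""

    def __init__(self):
        self._store = {}

    def add(self, alert):
        self._store[alert.ident] = (alert, complete(alert))

    def query(self, **conditions):
        """Identifiers of alerts whose induced sets satisfy every condition.
        Querying a generalized value (e.g. attack="bruteforce") therefore
        matches alerts tagged with any of its specializations."""
        return sorted(ident for ident, (_, comp) in self._store.items()
                      if all(v in comp.get(d, ()) for d, v in conditions.items()))


# Constructed sample alerts.
SAMPLE_ALERTS = [
    Alert("a1", "repeated failed SSH logins",
          {"source": "10.0.1.7", "attack": "ssh-bruteforce", "service": "ssh"}),
    Alert("a2", "UNION SELECT in request parameter",
          {"source": "203.0.113.5", "attack": "sqli", "service": "http"}),
    Alert("a3", "HTTP basic-auth password guessing",
          {"source": "10.0.2.3", "attack": "http-bruteforce", "service": "https"}),
]


def build_store(alerts=SAMPLE_ALERTS):
    lfs = LogicFileSystem()
    for alert in alerts:
        lfs.add(alert)
    return lfs


if __name__ == "__main__":
    lfs = build_store()
    print("internal brute-force:", lfs.query(source="internal", attack="bruteforce"))
    print("external against web servers:", lfs.query(source="external", service="web-server"))
```

The point of completing alerts up front is that an analyst can ask for "any brute-force attempt from the internal network" without enumerating every concrete source address or attack signature; the generalization sets are computed once at storage time, and each query is a plain conjunction over them.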
Claims (13 in total)

Claim 1 is reproduced above under First Claim; claims 2 to 11 depend on it.
12. Alert management system for managing alerts issued by intrusion detection sensors (11a, 11b, 11c), each alert being defined by an alert identifier and an alert content, which system includes:
- processor means for associating with each of the alerts issued by the intrusion detection sensors (11a, 11b, 11c) a description including a conjunction of valued attributes belonging to attribute domains;
- processor means for organizing the valued attributes belonging to each attribute domain into a taxonomic structure defining generalization relationships between said valued attributes, the plurality of attribute domains thus forming a plurality of taxonomic structures;
- processor means for completing the description of each of said alerts with sets of values induced by the taxonomic structures on the basis of the valued attributes of said alerts to form complete alerts; and
- processor means for storing said complete alerts in a logic file system (21) to enable them to be consulted.

Claim 13 depends on claim 12.
Specification