Security incident manager
First Claim
1. A method of managing security incidents including the steps of:
- receiving a raw event from a monitored device;
assigning a respective score for each of severity, relevance, and credibility to the raw event; and
forwarding the raw event to an event processor based on the respective scores.
2 Assignments
0 Petitions
Accused Products
Abstract
A security incident manger includes events and network flows in the analysis of an attack to better identify the magnitude of the attack and how to handle the situation. The raw events are reported by monitored devices and the incident manager may request network flows from various devices corresponding to a raw event. The manager then assigns a variable score to the severity, the relevance and the credibility of the event to determine its next processing steps. Those events that appear to be a likely and effective attack are classified as offenses. Offenses are stored in order to provide additional data for evaluating future events and for building a “rap sheet” against repeat attackers and repeat events.
51 Citations
14 Claims
-
1. A method of managing security incidents including the steps of:
-
receiving a raw event from a monitored device;
assigning a respective score for each of severity, relevance, and credibility to the raw event; and
forwarding the raw event to an event processor based on the respective scores. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
Specification