MONITORING FOR ANOMALIES IN A COMPUTING ENVIRONMENT
Abstract
A method of monitoring for anomalies in a computing environment comprises, with a processor, building an anomaly detection system based on topology guided statistical analysis, and creating a number of correlation rules based on a number of detected anomalies and information provided by a security alerts database.
15 Claims
1. A method of monitoring for anomalies in a computing environment comprising, with a processor:
- building an anomaly detection system based on topology guided statistical analysis; and
- creating a number of correlation rules based on a number of detected anomalies and information provided by a security alerts database.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A hybrid intrusion detection system (IDS), comprising:
- a configuration management database to store data regarding a number of configuration items within a computing environment;
- a performance management database to store data related to resource usage metrics;
- a security alert database to store data associated with a number of security alerts; and
- a computing device comprising:
  - a processor; and
  - a data storage device to store:
    - a topology guided anomaly detection module that, when executed by the processor, detects a number of anomalies using topology guided statistical analysis; and
    - a topology guided correlation module that, when executed by the processor, creates a number of correlation rules based on a number of flagged anomalies and the information provided by the security alerts database.

Dependent claims: 9, 10, 11
12. A computer program product for monitoring for anomalies in a computing environment, the computer program product comprising:
- a non-transitory computer readable storage medium comprising computer usable program code embodied therewith, the computer usable program code comprising:
  - computer usable program code to, when executed by a processor, store transaction and performance data enriched by topology data within a performance management database; and
  - computer usable program code to, when executed by a processor, identify a number of metrics for each of a number of configuration items in the topology of a web application.

Dependent claims: 13, 14, 15
Specification