SECURITY INFORMATION AND EVENT MANAGEMENT
Abstract
Systems and methods for conducting correlation analysis for security events with asset attributes of a network by a SIEM device to enable more efficient reporting are provided. According to one embodiment, when a SIEM device obtains a security event, a risk level of the security event is calculated based on at least a correlation of the security event with one or more asset attributes of a network that is managed by the SIEM device. When the risk level meets a predetermined or configurable threshold, the SIEM device causes the security event to be reported to an administrator of the network.
22 Claims
1. A method comprising:
- obtaining, by a security information and event management (SIEM) device, a security event;
- calculating, by the SIEM device, a risk level of the security event based on at least a correlation of the security event with one or more asset attributes of a network that is managed by the SIEM device; and
- when the risk level meets a predetermined or configurable threshold, then causing, by the SIEM device, the security event to be reported to an administrator of the network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer system comprising:
- a non-transitory storage device having tangibly embodied therein instructions representing a security application; and
- one or more processors coupled to the non-transitory storage device and operable to execute the security application to perform a method comprising:
  - obtaining, by a security information and event management (SIEM) device, a security event;
  - calculating, by the SIEM device, a risk level of the security event based on at least a correlation of the security event with one or more asset attributes of a network that is managed by the SIEM device; and
  - when the risk level meets a predetermined or configurable threshold, then causing, by the SIEM device, the security event to be reported to an administrator of the network.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22