METHODS AND APPARATUS FOR ANALYZING SYSTEM EVENTS
First Claim
1. A method for use in analyzing system events for one or more network systems or computer systems, the method comprising:
    identifying system-event data resulting from system or network events occurring on one or more computer systems that match at least one event rule of an event-rule set in the one or more computer systems or network systems;
    normalizing the identified system-event data; and
    analyzing the system-event data including at least one of:
        determining comparison matching of rules pertaining to the system-event data;
        using at least a scoring rule of a scoring-rule configured to assign a score to the system-event data, wherein the score is operable for prioritizing system-event data; and
        performing data measurements based on the system-event data.
Abstract
Apparatus and methods facilitate analysis of events associated with network and computer systems. Event data, such as security threats, are comparison matched with event rules of event rule sets associated with each network or computer system to determine whether the items are potentially significant. Additionally, the system-event data may be scored where the score is used for prioritizing system-event data as to their significance. Associated with the comparison matching are various analytics that further analyze event data for measuring and analyzing the system-event data according to various algorithms.
16 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15.
9. The method of claim 9, wherein a Boolean rule/key used to score the current system event data, scores the data based at least in part upon the determined probability.
16. An apparatus for use in analyzing system events for one or more network systems or computer systems, the apparatus comprising:
    an event matcher configured to identify system-event data resulting from system or network events occurring on one or more computer systems that match at least one event rule of an event-rule set in the one or more computer systems or network systems;
    a normalizer configured to normalize the identified system-event data; and
    an event comparison engine configured to analyze the system-event data through at least one of:
        determining comparison matching of rules pertaining to the system-event data;
        using at least a scoring rule of a scoring-rule configured to assign a score to the system-event data, wherein the score is operable for prioritizing system-event data; and
        performing data measurements based on the system-event data.
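The pipeline the claims describe (event matcher, normalizer, scoring rules that prioritize, and data measurements over the result) as an added Python example; this is not code from the patent, and the system names, rule regexes, weights, threshold and sample log lines are all constructed for illustration. The Boolean scoring rule keyed on a per-source probability follows the idea in claim 9.

```python
"""Illustrative event-analysis pipeline: match, normalize, score, prioritize, measure.

Added example, not the patent's own code. Every system name, rule, weight and
log line here is constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample events from two systems, each in its native log format.
RAW_EVENTS = [
    ("fw-1", "Oct 1 12:00:01 fw-1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 DPT=22"),
    ("auth-1", "2024-10-01T12:00:03Z sshd[412]: Failed password for root from 198.51.100.7 port 51234"),
    ("auth-1", "2024-10-01T12:00:09Z sshd[415]: Accepted password for alice from 10.0.0.9 port 50022"),
    ("fw-1", "Oct 1 12:00:12 fw-1 kernel: ACCEPT IN=eth0 SRC=10.0.0.9 DST=10.0.0.5 DPT=443"),
    ("auth-1", "2024-10-01T12:00:15Z sshd[418]: Failed password for bob from 198.51.100.7 port 51240"),
    # Matches no rule of auth-1's rule set, so it is dropped by the event matcher.
    ("auth-1", "2024-10-01T12:00:20Z CRON[500]: pam_unix(cron:session): session opened for user root"),
]

# Event-rule set per system: an event is retained only if it matches at least one
# rule; the named groups of the match feed the normalizer.
EVENT_RULES = {
    "fw-1": [re.compile(r"(?P<action>DROP|ACCEPT) IN=\S+ SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) DPT=(?P<port>\d+)")],
    "auth-1": [re.compile(r"(?P<action>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)")],
}


@dataclass
class Event:
    """Normalized system-event record shared by all systems."""
    system: str
    action: str
    src: str
    score: int = 0
    extra: dict = field(default_factory=dict)


def match_and_normalize(raw_events, rules):
    """Event matcher + normalizer: keep rule-matching events, map them to Event."""
    out = []
    for system, line in raw_events:
        for rule in rules.get(system, []):
            m = rule.search(line)
            if m:
                d = m.groupdict()
                out.append(Event(system, d.pop("action").upper(), d.pop("src"), extra=d))
                break
    return out


def source_probability(events):
    """Fraction of retained events attributed to each source address."""
    counts = Counter(e.src for e in events)
    return {src: n / len(events) for src, n in counts.items()}


def scoring_rules(events):
    """Scoring-rule set: (predicate over a normalized event, weight) pairs."""
    probs = source_probability(events)
    return [
        (lambda e: e.action == "FAILED", 5),
        (lambda e: e.action == "DROP", 3),
        (lambda e: e.extra.get("user") == "root", 4),
        # Boolean rule keyed on a probability threshold (constructed value 0.5):
        # the source accounts for at least half of all retained events.
        (lambda e: probs[e.src] >= 0.5, 2),
    ]


def score_and_prioritize(events):
    """Assign each event the sum of the weights of the rules it satisfies; rank by score."""
    rules = scoring_rules(events)
    for e in events:
        e.score = sum(w for pred, w in rules if pred(e))
    return sorted(events, key=lambda e: e.score, reverse=True)


def measurements(events):
    """Data measurements over the normalized, scored events."""
    return {
        "events_per_source_host": dict(Counter(e.src for e in events)),
        "events_per_system": dict(Counter(e.system for e in events)),
        "max_score": max((e.score for e in events), default=0),
    }


if __name__ == "__main__":
    ranked = score_and_prioritize(match_and_normalize(RAW_EVENTS, EVENT_RULES))
    for e in ranked:
        print(e.score, e.system, e.action, e.src, e.extra)
    print(measurements(ranked))
```

Of the six constructed lines, five match a rule and are normalized; the failed root login from the address that dominates the retained events ranks first, the accepted logins score zero, and the measurements summarize volume per source host and per system.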