Event monitoring and management
Abstract
Described are techniques used in monitoring the performance, security and health of a system used in an industrial application. Agents included in the industrial network report data to an appliance or server. The appliance stores the data and determines when an alarm condition has occurred. Notifications are sent upon detecting an alarm condition. The alarm thresholds may be user defined. A threat thermostat controller determines a threat level used to control the connectivity of a network used in the industrial application.
34 Claims
1. A method of event notification comprising:
receiving a first report of a condition;
sending a first notification message about said first report of said condition;
sending a second notification message about said condition at a first notification interval;
receiving subsequent reports at fixed time intervals;
sending a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval, wherein said condition is one of a plurality of conditions used in determining a derived parameter having a value based on a first set of one or more of said plurality of conditions and a second set of one or more of said plurality of conditions, wherein said derived parameter has a value indicating an attack when an occurrence of said first set of one or more conditions is followed by an occurrence of said second set of one or more conditions within a predetermined time interval; and
sending a third notification message when said derived parameter indicates an attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 31, 32, 33, 34
12. A method of event notification comprising:
receiving a first report of a condition at a reporting destination;
sending a first notification message from said reporting destination to a notification destination when a derived parameter indicates an attack, said derived parameter having a value based on a first set of one or more conditions and a second set of one or more conditions, wherein said derived parameter has a value indicating an attack when an occurrence of said first set of one or more conditions is followed by an occurrence of said second set of one or more conditions within a predetermined time interval; and
sending a second notification message from said reporting destination to said notification destination, said second notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of:
a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
Dependent claims: 13, 14, 15
16. A computer program product for event notification comprising code that:
receives a first report of a condition;
sends a first notification message about said first report of said condition;
sends a second notification message about said condition at a first notification interval;
receives subsequent reports at fixed time intervals;
sends a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval, wherein said condition is one of a plurality of conditions used in determining a derived parameter having a value based on a first set of one or more of said plurality of conditions and a second set of one or more of said plurality of conditions, wherein said derived parameter has a value indicating an attack when an occurrence of said first set of one or more conditions is followed by an occurrence of said second set of one or more conditions within a predetermined time interval; and
sends a third notification message when said derived parameter indicates an attack.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
27. A computer program product for event notification comprising code that:
receives a first report of a condition at a reporting destination; and
sends a first notification message from said reporting destination to a notification destination when a derived parameter indicates an attack, said derived parameter having a value based on a first set of one or more conditions and a second set of one or more conditions, wherein said derived parameter has a value indicating an attack when an occurrence of said first set of one or more conditions is followed by an occurrence of said second set of one or more conditions within a predetermined time interval;
sends a second notification message from said reporting destination to said notification destination, said second notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of:
a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
Dependent claims: 28, 29, 30
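The notification schedule and derived parameter recited in claims 1 and 16, as an added Python example that is not code from the patent or its assignee. The condition names, the timing values and the reading of "occurrence" (latest report for the first set, first report for the second set) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed names and timings (assumptions; the claims give no concrete values).
FIRST_SET = {"failed_login_burst"}          # conditions that must occur first
SECOND_SET = {"controller_config_change"}   # conditions that must follow
WINDOW = 300                                # "predetermined time interval", seconds
FIRST_INTERVAL = 60                         # first notification interval, seconds
SECOND_INTERVAL = 5 * FIRST_INTERVAL        # a multiple of the first interval


@dataclass
class Notifier:
    last_sent: dict = field(default_factory=dict)  # condition -> time of last message
    sent: dict = field(default_factory=dict)       # condition -> messages sent so far
    first_set_seen: float = None                   # latest report of a FIRST_SET condition

    def report(self, t, condition, ongoing=True):
        """Handle one agent report at time t; return the messages to send."""
        if not ongoing:                     # condition cleared: forget its schedule
            self.last_sent.pop(condition, None)
            self.sent.pop(condition, None)
            return []
        out = []
        n = self.sent.get(condition, 0)
        if n == 0:
            out.append(f"first:{condition}")
            # Derived parameter: onset of a SECOND_SET condition within WINDOW
            # seconds after the latest FIRST_SET report indicates an attack.
            if (condition in SECOND_SET and self.first_set_seen is not None
                    and t - self.first_set_seen <= WINDOW):
                out.append("attack")
        else:
            # One repeat after the short interval, then back off to the long one.
            wait = FIRST_INTERVAL if n == 1 else SECOND_INTERVAL
            if t - self.last_sent[condition] >= wait:
                out.append(("second" if n == 1 else "subsequent") + f":{condition}")
        if out:
            self.last_sent[condition] = t
            self.sent[condition] = n + 1
        if condition in FIRST_SET:
            self.first_set_seen = t
        return out


def replay(reports):
    """Feed (time, condition, ongoing) tuples through a fresh Notifier."""
    notifier = Notifier()
    return [(t, msg) for t, c, on in reports for msg in notifier.report(t, c, on)]
```

Replaying a condition reported every 30 seconds shows the back-off: one message at the first report, one after the first interval, then one per second interval while the condition persists.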