Method and apparatus for automatically correlating related incidents of policy violations
First Claim
Patent Images
1. A computer-implemented method, comprising:
- identifying a plurality of incidents of violations of a policy upon detecting presence of confidential information in a plurality of messages;
storing the plurality of violation incidents of the policy in a data repository, wherein each of the plurality of violation incidents is associated with a plurality of message attribute values;
receiving a user request to correlate one of the plurality of violation incidents of the policy stored in the data repository to other incidents of the plurality of violation incidents of the policy based on at least one common message attribute value, the user request specifying the at least one common message attribute value associated with the violation incident to be correlated;
in response to the user request, automatically correlating a requested violation incident with the other incidents of the plurality of violation incidents of the policy based on the at least one specified common message attribute value, wherein automatically correlating comprises searching the data repository using the at least one common message attribute value and finding other violation incidents of the policy having the at least one message attribute value;
displaying the at least one message attribute value of the requested violation incident; and
for each of the at least one message attribute value, displaying a count of the number of other violation incidents of the policy that have in common the message attribute value with the requested violation incident.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for automatically correlating policy violation incidents. In one embodiment, the method includes receiving user input identifying one of policy violation incidents stored in a data repository, where each policy violation incident is associated with one or more attributes. The method further includes automatically correlating the identified policy violation incident with other policy violation incidents that have in common at least one attribute with the identified policy violation incident, and presenting the resulting correlation information to a user.
-
Citations
19 Claims
-
1. A computer-implemented method, comprising:
-
identifying a plurality of incidents of violations of a policy upon detecting presence of confidential information in a plurality of messages; storing the plurality of violation incidents of the policy in a data repository, wherein each of the plurality of violation incidents is associated with a plurality of message attribute values; receiving a user request to correlate one of the plurality of violation incidents of the policy stored in the data repository to other incidents of the plurality of violation incidents of the policy based on at least one common message attribute value, the user request specifying the at least one common message attribute value associated with the violation incident to be correlated; in response to the user request, automatically correlating a requested violation incident with the other incidents of the plurality of violation incidents of the policy based on the at least one specified common message attribute value, wherein automatically correlating comprises searching the data repository using the at least one common message attribute value and finding other violation incidents of the policy having the at least one message attribute value; displaying the at least one message attribute value of the requested violation incident; and for each of the at least one message attribute value, displaying a count of the number of other violation incidents of the policy that have in common the message attribute value with the requested violation incident. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. An apparatus, comprising:
-
memory to store a plurality of violation incidents of a policy, wherein each of the plurality of violation incidents is associated with a plurality of message attributes values; a processor, coupled to the memory, to identify the plurality of violation incidents of the policy upon detecting presence of confidential information in a plurality of messages, to provide a user interface to receive a user request to correlate one of the plurality of stored violation incidents of the policy in the memory to other incidents of the plurality of violation incidents of the policy based on at least one common message attribute value, the user request specifying the at least one common message attribute value associated with the violation incident to be correlated; and a correlation engine, executed by the processor, to automatically correlate a requested violation incident with the other incidents of the plurality of violation incidents of the policy based on the at least one specified common message attribute value, wherein to automatically correlate comprises searching the memory using the at least one common message attribute value and finding other violation incidents of the policy having the at least one message attribute value, wherein the user interface is to present resulting correlation information to a user in response to receiving the user input identifying one of the plurality of stored policy violation incidents display the at least one message attribute value of the requested violation incident and for each of the at least one message attribute value, display a count of the number of other violation incidents of the policy that have in common the message attribute value with the requested violation incident. - View Dependent Claims (15, 16, 17)
-
-
18. A non-transitory computer-readable storage medium having instructions stored thereon that when executed by a computer cause the computer to perform a method comprising:
-
identifying a plurality of incidents of violations of a policy upon detecting presence of confidential information in a plurality of messages; storing the plurality of violation incidents of the policy in a data repository, wherein each of the plurality of violation incidents is associated with a plurality of message attribute values; receiving a user request to correlate one of the plurality of violation incidents of the policy stored in the data repository to other incidents of the plurality of violation incidents of the policy based on at least one common message attribute value, the user request specifying the at least one common message attribute value associated with the violation incident to be correlated; in response to the user request, automatically correlating a requested violation incident with the other incidents of the plurality of violation incidents of the policy based on the at least one specified common message attribute value, wherein automatically correlating comprises searching the data repository using the at least one common message attribute value and finding other violation incidents of the policy having the at least one message attribute value with; displaying the at least one message attribute value of the requested violation incident; and for each of the at least one message attribute value to be correlated, displaying a count of the number of other violation incidents of the policy that have in common the message attribute value with the requested violation incident. - View Dependent Claims (19)
-
Specification