Management of computer security events across distributed systems
First Claim
1. A method for managing system events in a network, comprising:
receiving, by a computer, a system event initiated by an initiating client associated with a user, wherein the system event comprises a plurality of data elements associated with respective ones of a plurality of system event attributes;
evaluating the plurality of data elements of the system event against a security policy and determining that the system event fails to conform to the security policy for the user, wherein the security policy defines permitted actions for different users in accordance with the plurality of system event attributes;
determining a greatest of a plurality of significance factors assigned to a plurality of data groups that are associated with the plurality of data elements of the system event;
determining whether the system event matches a special attention rule in accordance with the plurality of data elements, wherein the special attention rule defines a prohibited action;
if the system event does not match the special attention rule and the system event fails the security policy, assigning to the system event the greatest of the plurality of significance factors as a severity level; and
if the system event matches the special attention rule and the system event fails the security policy, comparing the greatest of the plurality of significance factors against a pre-assigned severity level that was pre-assigned to the special attention rule; and
assigning to the system event a greater of the greatest of the plurality of significance factors and the pre-assigned severity level as a severity level.
4 Assignments
0 Petitions
Abstract
A computer receives a system event initiated by an initiating client associated with a user. The system event comprises a plurality of data elements associated with respective ones of a plurality of system event attributes. It is determined that the system event fails to conform to a security policy. A greatest of a plurality of significance factors assigned to a plurality of data groups that are associated with the plurality of data elements of the system event is determined. If the system event does not match a special attention rule, the greatest of the plurality of significance factors is assigned to the system event as a severity level. If the system event matches the special attention rule, then the greater of the greatest of the plurality of significance factors and the severity level pre-assigned to the special attention rule is assigned to the system event as a severity level.
32 Citations
24 Claims
1. A method for managing system events in a network, comprising:
receiving, by a computer, a system event initiated by an initiating client associated with a user, wherein the system event comprises a plurality of data elements associated with respective ones of a plurality of system event attributes;
evaluating the plurality of data elements of the system event against a security policy and determining that the system event fails to conform to the security policy for the user, wherein the security policy defines permitted actions for different users in accordance with the plurality of system event attributes;
determining a greatest of a plurality of significance factors assigned to a plurality of data groups that are associated with the plurality of data elements of the system event;
determining whether the system event matches a special attention rule in accordance with the plurality of data elements, wherein the special attention rule defines a prohibited action;
if the system event does not match the special attention rule and the system event fails the security policy, assigning to the system event the greatest of the plurality of significance factors as a severity level; and
if the system event matches the special attention rule and the system event fails the security policy, comparing the greatest of the plurality of significance factors against a pre-assigned severity level that was pre-assigned to the special attention rule; and
assigning to the system event a greater of the greatest of the plurality of significance factors and the pre-assigned severity level as a severity level.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for managing system events in a network, comprising:
a processor;
a storage media having a security policy stored therein, the security policy defining permitted actions for different users in accordance with a plurality of system event attributes; and
a storage media encoded with program instructions executable by the processor, the program instructions to:
receive a system event initiated by an initiating client associated with a user, the system event configured to act on a recipient client, wherein the system event comprises a plurality of data elements associated with respective ones of a plurality of system event attributes;
evaluate the plurality of data elements of the system event against the security policy to determine whether the system event conforms to the security policy for the user;
determine a greatest of a plurality of significance factors assigned to a plurality of data groups that are associated with the plurality of data elements of the system event;
determine whether the system event matches a special attention rule in accordance with the plurality of data elements, wherein the special attention rule defines a prohibited action;
if the system event does not match the special attention rule and the system event fails the security policy, assign to the system event the greatest of the plurality of significance factors as a severity level; and
if the system event matches the special attention rule and fails the security policy, compare the greatest of the plurality of significance factors against a pre-assigned severity level that was pre-assigned to the special attention rule; and
assign to the system event a greater of the greatest of the plurality of significance factors and the pre-assigned severity level as a severity level for the system event.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A non-transitory computer-readable storage medium comprising program instructions executable to:
receive a system event initiated by an initiating client associated with a user, wherein the system event comprises a plurality of data elements associated with respective ones of a plurality of system event attributes;
evaluate the plurality of data elements of the system event against a security policy to determine whether the system event conforms to the security policy for the user, wherein the security policy defines permitted actions for different users in accordance with the plurality of system event attributes;
determine a greatest of a plurality of significance factors assigned to a plurality of data groups that are associated with the plurality of data elements of the system event;
determine whether the system event matches a special attention rule in accordance with the plurality of data elements, wherein the special attention rule defines a prohibited action;
if the system event does not match the special attention rule and the system event fails the security policy, assign to the system event the greatest of the plurality of significance factors as a severity level; and
if the system event matches the special attention rule and fails the security policy, compare the greatest of the plurality of significance factors against a pre-assigned severity level that was pre-assigned to the special attention rule; and
assign to the system event a greater of the greatest of the plurality of significance factors and the pre-assigned severity level as a severity level.
Dependent claims: 21, 22, 23, 24
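The severity assignment recited in claim 1 and restated in the abstract and in claims 10 and 20 is, stripped of claim language, a short decision procedure: reject events the policy does not permit, take the largest significance factor over the data groups the event touches, and let a matching special attention rule raise (never lower) that level. The block below is an added illustration written for this page, not code from the patent or its assignee. The policy, data groups, element-to-group mapping, rule format and all sample events are constructed assumptions; the patent does not fix any of them. It also handles two cases the claims leave implicit: a data element that belongs to no known group (treated here as significance 0) and a rule whose pre-assigned level is lower than the group significance (the group value wins, per the "greater of" step).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample data (assumptions, not from the patent).
# Data groups and the significance factor assigned to each.
DATA_GROUPS: Dict[str, int] = {
    "prod-db": 9,      # production database hosts
    "dev-db": 3,       # development database hosts
    "payroll-app": 8,  # payroll application
    "wiki": 2,         # intranet wiki
}

# Data group membership of each data element that can appear in an event.
ELEMENT_TO_GROUP: Dict[str, str] = {
    "db-prod-01": "prod-db",
    "db-dev-07": "dev-db",
    "payroll": "payroll-app",
    "intranet-wiki": "wiki",
}

# Security policy: permitted actions per user, each action limited to a set
# of data groups it may target.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"read": {"prod-db", "dev-db", "wiki"}, "write": {"dev-db", "wiki"}},
    "bob": {"read": {"wiki"}},
}


@dataclass
class SpecialAttentionRule:
    """A prohibited action with a pre-assigned severity level.

    The rule matches when every (attribute, value) pair in `match` equals the
    corresponding data element of the event.
    """
    name: str
    match: Dict[str, str]
    severity: int


RULES: List[SpecialAttentionRule] = [
    SpecialAttentionRule("delete-prod-db", {"action": "delete", "target": "db-prod-01"}, 10),
    SpecialAttentionRule("write-payroll", {"action": "write", "target": "payroll"}, 5),
]


def conforms(event: Dict[str, str]) -> bool:
    """Evaluate the event's data elements against the policy for its user."""
    allowed_groups = POLICY.get(event["user"], {}).get(event["action"], set())
    return ELEMENT_TO_GROUP.get(event["target"]) in allowed_groups


def greatest_significance(event: Dict[str, str]) -> int:
    """Greatest significance factor over the data groups of the event's elements.

    Elements with no known data group contribute nothing (assumed 0).
    """
    groups = {ELEMENT_TO_GROUP[v] for v in event.values() if v in ELEMENT_TO_GROUP}
    return max((DATA_GROUPS[g] for g in groups), default=0)


def matching_rule(event: Dict[str, str],
                  rules: List[SpecialAttentionRule]) -> Optional[SpecialAttentionRule]:
    """First special attention rule whose attribute/value pairs all match the event."""
    for rule in rules:
        if all(event.get(attr) == value for attr, value in rule.match.items()):
            return rule
    return None


def assign_severity(event: Dict[str, str],
                    rules: List[SpecialAttentionRule] = RULES) -> Optional[int]:
    """Severity per the claimed method; None when the event conforms to policy."""
    if conforms(event):
        return None
    significance = greatest_significance(event)
    rule = matching_rule(event, rules)
    if rule is None:
        return significance
    # Matching rule: the greater of group significance and the rule's level.
    return max(significance, rule.severity)


if __name__ == "__main__":
    samples = [
        {"user": "alice", "action": "read", "target": "db-prod-01"},    # permitted
        {"user": "bob", "action": "read", "target": "db-prod-01"},      # no rule, group 9
        {"user": "alice", "action": "delete", "target": "db-prod-01"},  # rule 10 > group 9
        {"user": "alice", "action": "write", "target": "payroll"},      # group 8 > rule 5
    ]
    for ev in samples:
        print(ev, "->", assign_severity(ev))
```

Two practical points follow from the claim structure. First, severity is only assigned to events that fail the policy, so a special attention rule whose action the policy happens to permit never fires; keep the policy and the rule set consistent so that every prohibited action is also denied. Second, because the rule's pre-assigned level is combined with the group significance by taking the maximum, a rule can only escalate an event, never downgrade one, which is the behaviour an analyst would expect from a "special attention" list.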
Specification