Generating alerts in event management systems

US 8,739,290 B1
Filed: 09/29/2011
Issued: 05/27/2014
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method for generating alerts in an event management system, wherein the event management system comprises an event management device and a risk assessment device, the method comprising:

receiving, in the event management device, data related to events associated with at least one asset in a network environment;

in response to receiving the data, determining, in the event management device, an alert in connection with an event associated with at least one asset in the network environment;

filtering, in the event management device, the received data in order to facilitate creation of an input for the risk assessment device, wherein the input comprises information relating to the alert;

forwarding, from the event management device to the risk assessment device, the input;

determining, in the risk assessment device, a new score indicative of risk based on the input and an old risk score associated with the alert;

forwarding, from the risk assessment device to the event management device, the new score indicative of risk;

receiving, in the event management device, the new score indicative of risk; and

in response to receiving the new score indicative of risk, generating, in the event management device, a score chart that enables the identification of the most likely threat based on score.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed techniques for generating alerts in an event management system which comprises event management device and risk assessment device. In one example, a method comprises the following steps. There is received data in an event management device related to events associated with an asset in a network environment. The received data is filtered in order to provide an input to risk assessment device. The filtered data is forwarded to risk assessment device. A score indicative of risk based on filtered data is determined in risk assessment device. The score is forwarded to event management device and received in event management device. A score chart is generated in the event management device. The score chart includes the score and enables the prioritization of threats based on their respective scores.

Citations

16 Claims

1. A method for generating alerts in an event management system, wherein the event management system comprises an event management device and a risk assessment device, the method comprising:
- receiving, in the event management device, data related to events associated with at least one asset in a network environment;
  
  in response to receiving the data, determining, in the event management device, an alert in connection with an event associated with at least one asset in the network environment;
  
  filtering, in the event management device, the received data in order to facilitate creation of an input for the risk assessment device, wherein the input comprises information relating to the alert;
  
  forwarding, from the event management device to the risk assessment device, the input;
  
  determining, in the risk assessment device, a new score indicative of risk based on the input and an old risk score associated with the alert;
  
  forwarding, from the risk assessment device to the event management device, the new score indicative of risk;
  
  receiving, in the event management device, the new score indicative of risk; and
  
  in response to receiving the new score indicative of risk, generating, in the event management device, a score chart that enables the identification of the most likely threat based on score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as claimed in claim 1, wherein the score is reflective of the significance of the risk.
  - 3. The method as claimed in claim 1, wherein the score is a numerical value in a range whereby the higher the number the greater the significance of the risk.
  - 4. The method as claimed in claim 1, further comprising:
    - setting a score threshold for a threat; and
      
      generating, in the event management device, the score chart including the new score in response to the new score exceeding the threshold.
  - 5. The method as claimed in claim 1, wherein the events relate to unauthorized access of the at least one asset.
  - 6. The method as claimed in claim 1, wherein the events relate to vulnerabilities of the at least one asset.
  - 7. The method as claimed in claim 1, wherein the at least one asset is one or more of an endpoint node or terminal, a host computer, router, a bridge, a server, a printer, a storage device, an I/O device.
  - 8. The method as claimed in claim 1, wherein the risk assessment device comprises a bayesian engine.

9. A system for generating alerts in an event management system, wherein the event management system comprises an event management device and a risk assessment device, the system comprising:
- a hardware processor comprising a program logic for carrying out the steps of;
  
  first logic receiving, in the event management device, data related to events associated with at least one asset in a network environment;
  
  in response to receiving the data, second logic determining, in the event management device, an alert in connection with an event associated with at least one asset in the network environment;
  
  third logic filtering, in the event management device, the received data in order to facilitate creation of an input for the risk assessment device, wherein the input comprises information relating to the alert;
  
  fourth logic forwarding, from the event management device to the risk assessment device, the input;
  
  fifth logic determining, in the risk assessment device, a new score indicative of risk based on the input and an old risk score associated with the alert;
  
  sixth logic forwarding, from the risk assessment device to the event management device, the new score indicative of risk;
  
  seventh logic receiving, in the event management device, the new score indicative of risk; and
  
  in response to receiving the new score indicative of risk, eighth logic generating, in the event management device, a score chart that enables the identification of the most likely threat based on score.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system as claimed in claim 9, wherein the score is reflective of the significance of the risk.
  - 11. The system as claimed in claim 9, wherein the score is a numerical value in a range whereby the higher the number the greater the significance of the risk.
  - 12. The system as claimed in claim 9, further comprising:
    - ninth logic setting a score threshold for a threat; and
      
      tenth logic generating, in the event management device, the score chart including the new score in response to the new score exceeding the threshold.
  - 13. The system as claimed in claim 9, wherein the events relate to unauthorized access of the at least one asset.
  - 14. The system as claimed in claim 9, wherein the events relate to vulnerabilities of the at least one asset.
  - 15. The system as claimed in claim 9, wherein the at least one asset is one or more of an endpoint node or terminal, a host computer, router, a bridge, a server, a printer, a storage device, an I/O device.
  - 16. The system as claimed in claim 9, wherein the risk assessment device comprises a bayesian engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Jamail, John M, Reich, Daniel B, Hart, Catherine V
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US13/248,572
Time in Patent Office

971 Days
Field of Search

726 22- 26
US Class Current

726/25
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0781   Error filtering or prioriti...

H04L 63/1408   by monitoring network traff...

Generating alerts in event management systems

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Generating alerts in event management systems

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links