Generating alerts in event management systems
First Claim
1. A method for generating alerts in an event management system, wherein the event management system comprises an event management device and a risk assessment device, the method comprising:
- receiving, in the event management device, data related to events associated with at least one asset in a network environment;
- in response to receiving the data, determining, in the event management device, an alert in connection with an event associated with at least one asset in the network environment;
- filtering, in the event management device, the received data in order to facilitate creation of an input for the risk assessment device, wherein the input comprises information relating to the alert;
- forwarding, from the event management device to the risk assessment device, the input;
- determining, in the risk assessment device, a new score indicative of risk based on the input and an old risk score associated with the alert;
- forwarding, from the risk assessment device to the event management device, the new score indicative of risk;
- receiving, in the event management device, the new score indicative of risk; and
- in response to receiving the new score indicative of risk, generating, in the event management device, a score chart that enables the identification of the most likely threat based on score.
Abstract
Techniques are disclosed for generating alerts in an event management system that comprises an event management device and a risk assessment device. In one example, a method comprises the following steps. Data related to events associated with an asset in a network environment is received in the event management device. The received data is filtered in order to provide an input to the risk assessment device. The filtered data is forwarded to the risk assessment device. A score indicative of risk, based on the filtered data, is determined in the risk assessment device. The score is forwarded to, and received in, the event management device. A score chart is generated in the event management device. The score chart includes the score and enables the prioritization of threats based on their respective scores.
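The data flow in the abstract and first claim, as an added sketch that is not code from the patent or its assignee. The patent text here does not say how alerts are determined or how scores are computed, so the alert types, the severity table, the blending weight and the sample events are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample events (asset, event_type); not taken from the patent.
EVENTS = [
    ("db01", "login_failure"), ("db01", "login_failure"), ("db01", "login_failure"),
    ("web02", "port_scan"), ("web02", "login_success"), ("hr-laptop", "malware_detected"),
]
# Assumed base severity per alert type on a 0-100 scale.
SEVERITY = {"login_failure": 40, "port_scan": 30, "malware_detected": 90}


class RiskAssessmentDevice:
    """Keeps the old score per alert and blends it with each new input."""

    def __init__(self, weight=0.6):
        self.weight = weight   # assumed weight given to the newest observation
        self.old_scores = {}   # (asset, alert type) -> last score returned

    def score(self, alert_input):
        key = (alert_input["asset"], alert_input["type"])
        old = self.old_scores.get(key, 0.0)
        observed = min(100.0, SEVERITY[alert_input["type"]] * alert_input["count"])
        new = round((1 - self.weight) * old + self.weight * observed, 1)
        self.old_scores[key] = new
        return new


class EventManagementDevice:
    def __init__(self, risk_device):
        self.risk_device = risk_device

    def process(self, events):
        # Determine alerts (assumed rule: any event type listed in SEVERITY),
        # filter the data down to the alert-related fields, forward that input,
        # and build the score chart from the scores that come back.
        counts = Counter(e for e in events if e[1] in SEVERITY)
        chart = []
        for (asset, etype), count in counts.items():
            alert_input = {"asset": asset, "type": etype, "count": count}
            chart.append((self.risk_device.score(alert_input), asset, etype))
        return sorted(chart, reverse=True)  # highest risk first


if __name__ == "__main__":
    manager = EventManagementDevice(RiskAssessmentDevice())
    for round_no in (1, 2):  # the second pass shows the old score feeding the new one
        print(round_no, manager.process(EVENTS))
```

Running the same events through twice shows the role of the old score: each alert's second score is higher than its first because the previous value is carried into the new one, while the ordering of the chart stays the same.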
16 Claims
9. A system for generating alerts in an event management system, wherein the event management system comprises an event management device and a risk assessment device, the system comprising:
- a hardware processor comprising a program logic for carrying out the steps of:
- first logic receiving, in the event management device, data related to events associated with at least one asset in a network environment;
- in response to receiving the data, second logic determining, in the event management device, an alert in connection with an event associated with at least one asset in the network environment;
- third logic filtering, in the event management device, the received data in order to facilitate creation of an input for the risk assessment device, wherein the input comprises information relating to the alert;
- fourth logic forwarding, from the event management device to the risk assessment device, the input;
- fifth logic determining, in the risk assessment device, a new score indicative of risk based on the input and an old risk score associated with the alert;
- sixth logic forwarding, from the risk assessment device to the event management device, the new score indicative of risk;
- seventh logic receiving, in the event management device, the new score indicative of risk; and
- in response to receiving the new score indicative of risk, eighth logic generating, in the event management device, a score chart that enables the identification of the most likely threat based on score.
Specification