Granted patent
US08156553B1 Systems and methods for correlating log messages into actionable security incidents and managing human responses (in force)

Abstract:
Systems and methods for correlating log messages into actionable incidents. Some embodiments implement a method which includes comparing a plurality of disparate log messages to a plurality of incident descriptions. The disparate log messages can be parsed. When the messages correlate with an incident description, an incident case can be created. Workflow steps can be associated with the incident case and output along with the incident case. Additional disparate log messages can be compared to the incident descriptions and, when additional messages correlate with the already-correlated incident description, the incident case can be adjusted. In some embodiments, the adjustment can include adding workflow steps to the incident case. Results of the various workflow steps can be monitored and adjustments made accordingly. In some embodiments, the results can include out-of-bounds activities.
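The abstract describes a pipeline: parse disparate log messages, compare them with incident descriptions, open an incident case with workflow steps on a match, adjust the case (including adding steps) when further messages correlate with it, and monitor the results of the steps for out-of-bounds activity. The Python block below is an added illustration of that pipeline written for this page; it is not code from the patent or from any product. Every log line, incident description, threshold, SLA value and workflow step name in it is constructed for the example, and the choice of "count of trigger events from one source within a window" as the correlation rule is an assumption, not the patent's claimed method.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample lines from two disparate sources: an sshd syslog stream and a
# CSV-style firewall stream, plus one unrelated cron line that no parser accepts.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "2024-03-01T10:00:03Z sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "2024-03-01T10:00:04Z fw,deny,src=203.0.113.7,dst=10.0.0.5,dport=445",
    "2024-03-01T10:00:05Z sshd[2211]: Failed password for admin from 203.0.113.7 port 51024 ssh2",
    "2024-03-01T10:00:06Z cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
    "2024-03-01T10:00:09Z sshd[2211]: Accepted password for admin from 203.0.113.7 port 51030 ssh2",
]

SSHD_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) fw,(?P<action>\w+),src=(?P<src>[^,]+),dst=(?P<dst>[^,]+),dport=(?P<dport>\d+)")


def parse(line):
    """Normalise a raw line from either source into a common event dict, or None if unknown."""
    m = SSHD_RE.match(line)
    if m:
        d = m.groupdict()
        return {"ts": datetime.fromisoformat(d["ts"].replace("Z", "+00:00")), "source": "sshd",
                "event": "auth_fail" if d["result"] == "Failed" else "auth_ok",
                "src": d["src"], "user": d["user"]}
    m = FW_RE.match(line)
    if m:
        d = m.groupdict()
        return {"ts": datetime.fromisoformat(d["ts"].replace("Z", "+00:00")), "source": "fw",
                "event": "fw_" + d["action"], "src": d["src"], "dport": int(d["dport"])}
    return None


@dataclass
class IncidentDescription:
    name: str
    trigger_event: str
    threshold: int            # trigger events from one source within `window` open a case
    window: timedelta
    workflow: list            # [(step, sla_minutes)] attached when the case is created
    escalate_on: dict         # event type -> extra [(step, sla_minutes)] when that event correlates


@dataclass
class IncidentCase:
    description: str
    key: str                  # the correlating source address
    events: list = field(default_factory=list)
    workflow: list = field(default_factory=list)
    results: dict = field(default_factory=dict)
    out_of_bounds: list = field(default_factory=list)

    def add_steps(self, steps):
        """Adjust the case by appending steps it does not already carry."""
        for step in steps:
            if step not in self.workflow:
                self.workflow.append(step)


class Correlator:
    def __init__(self, descriptions):
        self.descriptions = descriptions
        self.recent = {}      # (description, key) -> events buffered before a case exists
        self.cases = {}       # (description, key) -> IncidentCase

    def ingest(self, line):
        ev = parse(line)
        if ev is None:
            return None
        for desc in self.descriptions:
            ck = (desc.name, ev["src"])
            case = self.cases.get(ck)
            if case:  # an already-correlated case: attach the message and escalate if warranted
                case.events.append(ev)
                case.add_steps(desc.escalate_on.get(ev["event"], []))
                continue
            buf = self.recent.setdefault(ck, [])
            buf.append(ev)
            buf[:] = [e for e in buf if ev["ts"] - e["ts"] <= desc.window]
            hits = [e for e in buf if e["event"] == desc.trigger_event]
            if len(hits) >= desc.threshold:  # messages correlate: open the case with its steps
                case = IncidentCase(desc.name, ev["src"], events=list(buf))
                case.add_steps(desc.workflow)
                for e in buf:                 # earlier related messages also adjust the case
                    case.add_steps(desc.escalate_on.get(e["event"], []))
                self.cases[ck] = case
                del self.recent[ck]
        return ev

    def record_result(self, case, step_name, outcome, minutes_taken):
        """Monitor a human response; flag it out-of-bounds if late or not the expected outcome."""
        slas = dict(case.workflow)
        if step_name not in slas:
            raise ValueError(f"unknown workflow step {step_name!r}")
        case.results[step_name] = (outcome, minutes_taken)
        reasons = []
        if minutes_taken > slas[step_name]:
            reasons.append(f"exceeded SLA of {slas[step_name]} min")
        if outcome != "done":
            reasons.append(f"unexpected outcome {outcome!r}")
        if reasons:
            case.out_of_bounds.append((step_name, "; ".join(reasons)))
            case.add_steps([("escalate to on-call lead", 10)])  # adjustment made on the result
        return not reasons


def build_demo():
    """Run the constructed logs through one constructed incident description."""
    desc = IncidentDescription(
        name="ssh-brute-force", trigger_event="auth_fail", threshold=3, window=timedelta(minutes=5),
        workflow=[("block source IP at perimeter", 15), ("notify account owners", 60)],
        escalate_on={"fw_deny": [("review lateral-movement attempts", 120)],
                     "auth_ok": [("isolate host and reset credentials", 30)]})
    c = Correlator([desc])
    for line in SAMPLE_LOGS:
        c.ingest(line)
    case = c.cases[("ssh-brute-force", "203.0.113.7")]
    c.record_result(case, "block source IP at perimeter", "done", 40)   # 40 min against a 15 min SLA
    c.record_result(case, "notify account owners", "done", 20)
    return case


if __name__ == "__main__":
    case = build_demo()
    print(case.description, case.key, len(case.events), "events")
    for step, sla in case.workflow:
        print(f"  step: {step} (SLA {sla} min) -> {case.results.get(step)}")
    print("out of bounds:", case.out_of_bounds)
```

Three of the four messages that correlate into the case are failed logins; the firewall deny from the same source seen before the threshold was reached is carried into the case and adds a review step, and the later successful login adjusts the case again with an isolation step. The overdue perimeter-block step is recorded as an out-of-bounds result and itself adds an escalation step, which is the monitoring-and-adjustment loop the abstract describes.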