
Automated determination of relevance of a security alert to one or more other security alerts based on shared markers


Abstract

A processing device in one embodiment comprises a processor coupled to a memory and is configured to obtain a plurality of security alerts in a computer network, to process the security alerts to extract a plurality of markers from each of the security alerts, to compute at least one relevance score relating a given one of the security alerts to another one of the security alerts based at least in part on distance measures computed between markers shared by the given security alert and the other security alert, and to adjust at least one operating characteristic of a network security system of the computer network based at least in part on the relevance score. The relevance score may be computed as a function of a number of markers shared by the given security alert and the other security alert.

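Bibliographic details

  • Publication/announcement number: US10263998B1

    Patent type

  • Publication/announcement date: 2019-04-16

    Original format: PDF

  • Applicant/patentee: EMC IP HOLDING COMPANY LLC;

    Application/patent number: US201615378336

  • Inventors: NITIN BHATT; VADIM BRUK;

    Filing date: 2016-12-14

  • Classification: H04L29/06; G06N7;

  • Country: US

  • Database entry time: 2022-08-21 12:15:08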
