Method and system for analysis of security events in a managed computer network
Abstract
An event retrieval and analysis system compares counts of event data for a device to stored profile counts to determine if alerts should be triggered. Event data can be retrieved by a sensor. Rules for analyzing the event data can be retrieved based on the device. The event data is analyzed based on the rules to determine recordable events. Recordable events are organized into categories representing a type or severity of attack. Current event counts are calculated by summing the recordable events for each category. A normal profile is retrieved for the device and compared to the current event count. A percentage change trigger can be retrieved from a threshold matrix based on the current event count. The percentage increase of the current event count over the normal profile is calculated and compared to the percentage change trigger to determine if an alert is triggered by the analysis system.
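The comparison described in the abstract, sketched as an added Python example that is not code from the patent. The rule table, threshold matrix values, normal profile and event names are constructed assumptions, as is treating a zero normal profile as an unbounded increase.

```python
from collections import Counter

# All values below are constructed for illustration; the abstract gives none.
RULES = {  # device type -> {event signature: attack category}
    "firewall": {"PORT_SCAN": "reconnaissance",
                 "AUTH_FAIL": "access",
                 "SYN_FLOOD": "dos"},
}
# Threshold matrix: (inclusive upper bound on current count, % change trigger).
# Small counts need a larger relative jump before they alert.
THRESHOLD_MATRIX = [(10, 400.0), (100, 150.0), (1000, 50.0), (float("inf"), 20.0)]

def current_counts(device_type, signatures):
    """Apply the device's rules and sum recordable events per category."""
    rules = RULES[device_type]
    return Counter(rules[s] for s in signatures if s in rules)

def percent_trigger(count):
    """Look up the percentage change trigger for a current event count."""
    for upper, trigger in THRESHOLD_MATRIX:
        if count <= upper:
            return trigger

def percent_increase(current, normal):
    """Increase of current over the normal profile; an empty profile
    (normal == 0) is treated as an unbounded increase (assumption)."""
    if normal == 0:
        return float("inf") if current > 0 else 0.0
    return (current - normal) * 100.0 / normal

def analyze(device_type, signatures, normal_profile):
    """Return {category: (current, % increase, trigger)} for alerting categories."""
    alerts = {}
    for category, current in current_counts(device_type, signatures).items():
        increase = percent_increase(current, normal_profile.get(category, 0))
        trigger = percent_trigger(current)
        if increase > trigger:
            alerts[category] = (current, increase, trigger)
    return alerts

# Constructed sensor data for one firewall over one interval.
SAMPLE = ["PORT_SCAN"] * 30 + ["AUTH_FAIL"] * 12 + ["HEARTBEAT"] * 5 + ["SYN_FLOOD"] * 3
NORMAL = {"reconnaissance": 10, "access": 10, "dos": 0}

if __name__ == "__main__":
    for cat, (cur, inc, trig) in sorted(analyze("firewall", SAMPLE, NORMAL).items()):
        print(f"ALERT {cat}: count={cur} increase={inc:.0f}% trigger={trig:.0f}%")
```

With these constructed values, "access" rises 20% and stays below its 150% trigger, while "reconnaissance" (200% against 150%) and "dos" (no baseline) alert.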