User impact potential for security alert management

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Itay Argoety · Nes Ziona, IL
• Jonathan Moshe Monsonego · Tel Aviv-Yafo, IL
• Idan Hen · Tel Aviv-Yafo, IL
• Payal Rani · Redmond, US
• Sridhar Periyasamy · Burnaby, CA

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques for user impact potential based security alert management in computer systems are disclosed. One example technique includes receiving an alert indicating that a security rule has been violated by a user. The example technique can also include, in response to receiving the data representing the alert, determining an impact score of the user based on the profile of the user. The impact score represents a deviation of an assigned value to the profile of the user and a mean value of assigned values of profiles of all users in the organization. The example technique can further include calculating a ranking value of the alert in relation to other alerts based on the determine impact score and other impacts scores corresponding to the other alerts and selectively surfacing the alert to a system analyst based on the calculated ranking value in relation to other alerts.