Systems and methods for correlating log messages into actionable security incidents and managing human responses
US8156553B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 11, 2008 |
| Grant date | Apr 10, 2012 |
| Priority date | — |
| Expiry date | Jun 3, 2030 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06Q10/06
- WIPO field: IT methods for management
- WIPO sector: Electrical engineering
Abstract
Systems and methods for correlating log messages into actionable incidents. Some embodiments implement a method which includes comparing a plurality of disparate log messages to a plurality of incident descriptions. The disparate log messages can be parsed. When the messages correlate with an incident description, an incident case can be created. Workflow steps can be associated with the incident case and output along with the incident case. Additional disparate log messages can be compared to the incident expressions and, when additional messages correlate with the correlated incident description, the incident case can be adjusted. In some embodiments, the adjustment can include adding workflow steps to the incident case. Results of various workflow steps can be monitored and adjustments can be made accordingly. In some embodiments, the results can include out-of-bounds activities.
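The abstract describes a pipeline: parse disparate log messages, compare them against incident descriptions, open an incident case with attached workflow steps once a description matches, adjust the case (including adding steps) as further correlated messages arrive, and monitor the results of workflow steps for out-of-bounds activity. The following is an added example that illustrates that flow in Python; it is not code from the patent or its assignee. The two log formats, the `IncidentDescription` and `IncidentCase` classes, the brute-force description and the sample log lines are all constructed for the illustration, and the grouping-by-key/threshold scheme is one simple way to realise "correlate", not the patent's claimed mechanism.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample messages in two disparate formats (syslog-style sshd
# lines and a key=value audit line). They are illustrative, not real data.
SAMPLE_LOGS = [
    "Jan  1 10:00:01 fw1 sshd[101]: Failed password for root from 198.51.100.7 port 5000 ssh2",
    "Jan  1 10:00:02 fw1 sshd[101]: Failed password for root from 198.51.100.7 port 5001 ssh2",
    "Jan  1 10:00:03 fw1 sshd[101]: Failed password for root from 198.51.100.7 port 5002 ssh2",
    "ts=2020-01-01T10:00:05Z src=198.51.100.7 action=login result=success user=root",
    "Jan  1 10:00:09 fw1 sshd[101]: Failed password for admin from 198.51.100.7 port 5003 ssh2",
]

SYSLOG_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (\S+) (\w+)\[\d+\]: (.*)$")
FAIL_RE = re.compile(r"Failed password for (\S+) from (\S+)")


def parse_log(line: str) -> dict:
    """Normalise the two disparate formats into one dict of named fields."""
    m = SYSLOG_RE.match(line)
    if m:
        host, prog, msg = m.groups()
        fields = {"host": host, "program": prog, "message": msg}
        m2 = FAIL_RE.search(msg)
        if m2:
            fields.update(event="auth_failure", user=m2.group(1), src=m2.group(2))
        return fields
    if "=" in line:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if fields.get("action") == "login" and fields.get("result") == "success":
            fields["event"] = "auth_success"
        return fields
    return {"event": "unknown", "message": line}


@dataclass
class IncidentDescription:
    name: str
    event: str                 # event type that counts toward this incident
    key: str                   # field whose value groups messages into one case
    threshold: int             # matching messages needed before a case is opened
    workflow: List[str]        # workflow steps attached when the case is created
    escalation_event: Optional[str] = None  # later event that adjusts an open case
    escalation_step: Optional[str] = None   # workflow step added on that adjustment


@dataclass
class IncidentCase:
    description: str
    key: str
    messages: List[dict] = field(default_factory=list)
    workflow: List[str] = field(default_factory=list)
    results: Dict[str, str] = field(default_factory=dict)
    status: str = "open"


# Constructed incident description: repeated SSH failures from one source,
# escalated if a success from the same source follows.
BRUTE_FORCE = IncidentDescription(
    name="ssh-brute-force", event="auth_failure", key="src", threshold=3,
    workflow=["triage: confirm source is not a known scanner",
              "block source at perimeter firewall"],
    escalation_event="auth_success",
    escalation_step="contain: isolate host and reset affected credentials",
)


class Correlator:
    def __init__(self, descriptions: List[IncidentDescription]):
        self.descriptions = descriptions
        self.pending: Dict[Tuple[str, str], List[dict]] = {}   # matches below threshold
        self.cases: Dict[Tuple[str, str], IncidentCase] = {}   # opened incident cases

    def ingest(self, line: str) -> List[IncidentCase]:
        """Compare one parsed message to every description; return newly opened cases."""
        fields = parse_log(line)
        created = []
        for desc in self.descriptions:
            k = fields.get(desc.key)
            if k is None:
                continue
            case_id = (desc.name, k)
            case = self.cases.get(case_id)
            if case is not None:                       # adjust an existing case
                if fields.get("event") == desc.event:
                    case.messages.append(fields)
                elif fields.get("event") == desc.escalation_event:
                    case.messages.append(fields)
                    if desc.escalation_step not in case.workflow:
                        case.workflow.append(desc.escalation_step)
                    case.status = "escalated"
            elif fields.get("event") == desc.event:    # accumulate toward a new case
                bucket = self.pending.setdefault(case_id, [])
                bucket.append(fields)
                if len(bucket) >= desc.threshold:
                    case = IncidentCase(desc.name, k, list(bucket), list(desc.workflow))
                    self.cases[case_id] = case
                    del self.pending[case_id]
                    created.append(case)
        return created

    def record_result(self, case: IncidentCase, step: str, outcome: str,
                      allowed=("done", "skipped")) -> IncidentCase:
        """Monitor a workflow step's result; anything outside the allowed
        outcomes is treated as out-of-bounds and adds a review step."""
        case.results[step] = outcome
        if outcome not in allowed:
            case.workflow.append(f"review out-of-bounds result for step: {step}")
            case.status = "needs-review"
        return case


def run(lines: List[str], descriptions: List[IncidentDescription]) -> Correlator:
    corr = Correlator(descriptions)
    for line in lines:
        corr.ingest(line)
    return corr


if __name__ == "__main__":
    for case in run(SAMPLE_LOGS, [BRUTE_FORCE]).cases.values():
        print(case.description, case.key, case.status, len(case.messages), "messages")
        for step in case.workflow:
            print("  -", step)
```

On the constructed sample, the third failed login opens the case with the two triage steps, the subsequent successful login from the same source adjusts it by adding the containment step and marking it escalated, and the fifth message is simply folded into the same case rather than opening a second one.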
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.