Security incident manager
US8209759B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 18, 2006 |
| Grant date | Jun 26, 2012 |
| Priority date | — |
| Expiry date | Oct 16, 2027 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1425
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A security incident manger includes events and network flows in the analysis of an attack to better identify the magnitude of the attack and how to handle the situation. The raw events are reported by monitored devices and the incident manager may request network flows from various devices corresponding to a raw event. The manager then assigns a variable score to the severity, the relevance and the credibility of the event to determine its next processing steps. Those events that appear to be a likely and effective attack are classified as offenses. Offenses are stored in order to provide additional data for evaluating future events and for building a “rap sheet” against repeat attackers and repeat events.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.