SYSTEMS AND METHODS FOR CORRELATING EVENTS TO DETECT AN INFORMATION SECURITY INCIDENT


Bibliographic details

Main authors: FILONOV PAVEL VLADIMIROVICH, LUKIYAN DMITRIJ SERGEEVICH, KIRYUKHIN ANDREJ ALEKSANDROVICH, LYUKSHIN IVAN STANISLAVOVICH
Format: Patent
Language: chi ; eng

Description
Abstract: Disclosed are systems and methods for correlating events to detect an information security incident. In one example, a correlation module may receive a plurality of network events indicating potential security violations, wherein each network event has a respective timestamp. The correlation module may identify, from the plurality of network events, a subset of network events that have occurred within a period of time, based on each respective timestamp. The correlation module may determine a plurality of potential orders of occurrence for the subset of network events. The correlation module may apply at least one correlation rule to each respective potential order of the plurality of potential orders. In response to determining that the at least one correlation rule is fulfilled, the correlation module may detect the information security incident. [Chinese abstract, translated:] The present invention relates to systems and methods for correlating events to detect an information security incident, wherein a correlation module may receive a plurality of network events indicating potential security violations, wherein each network event of the plurality of network events has a respective timestamp. The correlation module may identify, based on each respective timestamp, a subset of network events from the plurality of network events that have occurred within a period of time. The correlation module may determine a plurality of potential orders of occurrence for the subset of network events. 所