DETECTION OF SECURITY INCIDENTS WITH LOW CONFIDENCE SECURITY EVENTS

Techniques are disclosed for detecting security incidents based on low confidence security events. A security management server aggregates a collection of security events received from logs from one or more devices. The security management server evaluates the collection of security events based on...

Bibliographic details
Main authors: SPERTUS Michael, ROUNDY Kevin
Format: Patent
Language: eng
creator SPERTUS Michael
ROUNDY Kevin
description Techniques are disclosed for detecting security incidents based on low confidence security events. A security management server aggregates a collection of security events received from logs from one or more devices. The security management server evaluates the collection of security events based on a confidence score assigned to each distinct type of security event. Each confidence score indicates a likelihood that a security incident has occurred. The security management server determines, based on the confidence scores, at least one threshold for determining when to report an occurrence of a security incident from the collection of security events. Upon determining that at least one security event of the collection has crossed the at least one threshold, the security management server reports the occurrence of the security incident to an analyst.
format Patent
language eng
recordid cdi_epo_espacenet_US2017093902A1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
title DETECTION OF SECURITY INCIDENTS WITH LOW CONFIDENCE SECURITY EVENTS
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-10T15%3A29%3A59IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=SPERTUS%20Michael&rft.date=2017-03-30&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2017093902A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true