SYSTEM AND METHOD FOR DYNAMIC SCORING OF INCIDENTS

Bibliographic details
Main authors: Li, Zhichun, Han, Shuchu, Gui, Jiaping, Wang, Qi
Format: Patent
Language: eng
Description
Summary: The disclosure provides a system, a method and a computer program product for dynamic scoring of a plurality of incidents. The system is configured to retrieve an incident of the plurality of incidents. The incident comprises at least one alert and is associated with a security breach. The system further generates an enriched alert based on enrichment of the at least one alert. The enrichment is based on security related data of the security breach. The system further identifies one or more entities and one or more observables associated with the generated enriched alert. The system determines a score for the retrieved incident based on at least the generated enriched alert and the generated behavioural entity model. The system is further configured to dynamically update the determined score for the retrieved incident based on an analysis of at least the retrieved incident and the generated behavioural entity model.