CPC G06F 9/5027 (2013.01) [G06F 21/554 (2013.01)] | 21 Claims |
1. A system for improving efficiency of processing alerts by a Security Incident & Event Management (SIEM) platform, the system comprising:
a pipeline coupled to a source of alerts and an SIEM platform, the pipeline including
a source task having an input through which it can receive alerts from the source of alerts and an output;
at least one process task having an input and an output, wherein the input is coupled to the output of the source task;
at least one sink task having an input, coupled to the output of the at least one process task, and an output coupled to the SIEM platform, wherein the at least one sink task is configured to publish cases to the SIEM platform when a count of cases is less than or equal to a count of alerts received by a preceding task;
wherein the at least one process task is configured to operate on alerts received via its input and wherein the at least one process task is configured to be skippable in the event an exception occurs in the at least one process task when the at least one process task is operating on at least one alert received via its input.
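The following is an added illustration, not code from the patent or from any SIEM vendor: a minimal Python pipeline with the three task kinds named in claim 1. The process task is "skippable" in the claim's sense (an exception while operating on one alert records that alert as skipped and lets the rest of the batch continue), and the sink publishes only when the number of cases is less than or equal to the number of alerts the preceding task received, since a case may merge alerts but a correct grouping step never produces more cases than inputs. The alert fields, task names, the `(src, rule)` grouping key and the sample alerts are all assumptions constructed for the example.

```python
"""Added example (not the patent's code): source -> skippable process tasks -> sink.

All alert/case fields, task names and sample data below are assumptions."""
import ipaddress
from typing import Any, Callable, Dict, List, Tuple

Alert = Dict[str, Any]
Case = Dict[str, Any]

# Constructed sample alerts (not real data). Alert 4 has no source address,
# which makes the enrichment task raise and exercises the skip path.
SAMPLE_ALERTS: List[Alert] = [
    {"id": 1, "src": "10.0.0.5", "rule": "ssh-brute-force"},
    {"id": 2, "src": "10.0.0.5", "rule": "ssh-brute-force"},
    {"id": 3, "src": "203.0.113.7", "rule": "port-scan"},
    {"id": 4, "src": None, "rule": "malware-callback"},
]


class SourceTask:
    """Receives alerts from the alert source (here an in-memory list)."""

    def __init__(self, alerts: List[Alert]) -> None:
        self.alerts = list(alerts)

    def run(self) -> List[Alert]:
        return list(self.alerts)


class ProcessTask:
    """Applies `fn` to each alert. If `fn` raises, that alert is skipped and the
    failure recorded; the remaining alerts still flow to the next task."""

    def __init__(self, name: str, fn: Callable[[Alert], Alert]) -> None:
        self.name, self.fn = name, fn
        self.received = 0
        self.skipped: List[Dict[str, Any]] = []

    def run(self, alerts: List[Alert]) -> List[Alert]:
        self.received = len(alerts)
        out: List[Alert] = []
        for alert in alerts:
            try:
                out.append(self.fn(alert))
            except Exception as exc:  # skippable: record and continue, do not abort the batch
                self.skipped.append({"task": self.name, "alert_id": alert.get("id"), "error": repr(exc)})
        return out


class GroupTask:
    """Process task that folds alerts into cases keyed by (src, rule)."""

    def __init__(self) -> None:
        self.received = 0

    def run(self, alerts: List[Alert]) -> List[Case]:
        self.received = len(alerts)
        cases: Dict[Tuple[Any, Any], Case] = {}
        for alert in alerts:
            key = (alert["src"], alert["rule"])
            case = cases.setdefault(key, {"src": alert["src"], "rule": alert["rule"],
                                          "src_is_private": alert["src_is_private"], "alert_ids": []})
            case["alert_ids"].append(alert["id"])
        return list(cases.values())


class DuplicatingTask:
    """Deliberately faulty grouping task (assumed, for illustration): it emits
    two cases per alert, which the sink's count check must reject."""

    def __init__(self) -> None:
        self.received = 0

    def run(self, alerts: List[Alert]) -> List[Case]:
        self.received = len(alerts)
        return [dict(a, alert_ids=[a["id"]]) for a in alerts for _ in range(2)]


class SinkTask:
    """Publishes to the SIEM only when len(cases) <= alerts received by the preceding task."""

    def __init__(self, publish: Callable[[List[Case]], None]) -> None:
        self.publish = publish

    def run(self, cases: List[Case], preceding_received: int) -> bool:
        if len(cases) <= preceding_received:
            self.publish(cases)
            return True
        return False  # more cases than inputs: grouping misbehaved, do not flood the SIEM


def enrich(alert: Alert) -> Alert:
    """Adds whether the source is in a private/reserved range; raises ValueError on a missing or invalid address."""
    ip = ipaddress.ip_address(alert["src"])
    return {**alert, "src_is_private": ip.is_private}


def run_pipeline(alerts: List[Alert], process_tasks: list, publish: Callable[[List[Case]], None]):
    """Wires source -> process tasks -> sink; returns (published, cases, skipped)."""
    data: Any = SourceTask(alerts).run()
    for task in process_tasks:
        data = task.run(data)
    published = SinkTask(publish).run(data, process_tasks[-1].received)
    skipped = [s for t in process_tasks for s in getattr(t, "skipped", [])]
    return published, data, skipped


if __name__ == "__main__":
    ok, cases, skipped = run_pipeline(SAMPLE_ALERTS, [ProcessTask("enrich", enrich), GroupTask()], print)
    print("published:", ok, "skipped:", skipped)
```

With the sample input the enrichment task receives four alerts and skips the one with no source address, the grouping task receives three and emits two cases, and the sink publishes because 2 <= 3. Swapping in `DuplicatingTask` yields six cases from three alerts, and the sink refuses to publish.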