| CPC G06F 21/554 (2013.01) [G06F 21/54 (2013.01); G06F 21/552 (2013.01)] | 19 Claims |

|
1. A method for alert management, comprising:
analyzing a plurality of alerts with respect to cybersecurity issues indicated in the plurality of alerts in order to identify at least one group of matching alerts, wherein each group of matching alerts includes alerts generated by a plurality of cybersecurity detection tools, wherein each of the plurality of alerts indicates a software component;
querying a software component associations database based on the software components indicated in each of the at least one group of matching alerts, wherein the software component associations database stores at least associations between configuration files of a plurality of software containers and build files used to build the plurality of software containers;
identifying at least one group of duplicate alerts among the at least one group of matching alerts based on associations returned by the software component associations database in response to querying the software component associations database, wherein the software component indicated by a first alert of each group of duplicate alerts is associated with the software component indicated by a second alert of the group of duplicate alerts, wherein the software component indicated by the first alert is identified as related to the software component indicated by the second alert based on a correlation between a configuration file of the software component indicated by the first alert and a build file of the software component indicated by the second alert among the associations returned by the software component associations database; and
managing the plurality of alerts based on the at least one group of duplicate alerts.
|
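An illustrative sketch of the steps recited in claim 1, added here as an example and not taken from the patent or any implementation of it. The alert fields, tool names, file paths, the in-memory dictionary standing in for the software component associations database, and the "keep one alert, suppress the rest" management policy are all assumptions.

```python
from collections import defaultdict
from itertools import permutations

# Constructed stand-in for the associations database:
# container configuration file -> build file used to build that container.
ASSOCIATIONS = {
    "deploy/payments.yaml": "services/payments/Dockerfile",
    "deploy/search.yaml": "services/search/Dockerfile",
}

# Constructed alerts; each names the issue it reports and a software component.
ALERTS = [
    {"id": "A1", "tool": "runtime-scanner", "issue": "issue-A", "component": "deploy/payments.yaml"},
    {"id": "A2", "tool": "sca-scanner", "issue": "issue-A", "component": "services/payments/Dockerfile"},
    {"id": "A3", "tool": "sca-scanner", "issue": "issue-A", "component": "services/search/Dockerfile"},
    {"id": "A4", "tool": "iac-scanner", "issue": "issue-B", "component": "deploy/search.yaml"},
]

def matching_groups(alerts):
    """Group alerts by indicated issue; keep groups raised by more than one tool."""
    by_issue = defaultdict(list)
    for alert in alerts:
        by_issue[alert["issue"]].append(alert)
    return [g for g in by_issue.values() if len({a["tool"] for a in g}) > 1]

def query_associations(db, components):
    """Return the (config file, build file) associations touching these components."""
    return {(c, b) for c, b in db.items() if c in components or b in components}

def duplicate_groups(alerts, db):
    """Within each matching group, cluster alerts whose components are linked
    by a config-file -> build-file association returned from the database."""
    result = []
    for group in matching_groups(alerts):
        pairs = query_associations(db, {a["component"] for a in group})
        clusters = defaultdict(set)  # build file -> ids of alerts tied to it
        for first, second in permutations(group, 2):
            if (first["component"], second["component"]) in pairs:
                clusters[second["component"]] |= {first["id"], second["id"]}
        result.extend(sorted(ids) for ids in clusters.values())
    return result

def manage(alerts, db):
    """Assumed policy: keep one alert per duplicate group, suppress the others."""
    suppressed = {i for ids in duplicate_groups(alerts, db) for i in ids[1:]}
    return [a["id"] for a in alerts if a["id"] not in suppressed]

if __name__ == "__main__":
    print(duplicate_groups(ALERTS, ASSOCIATIONS), manage(ALERTS, ASSOCIATIONS))
```

A3 reports the same issue as A1 and A2 but stays open because no alert in its group points at the configuration file associated with its build file; A4 is never considered because only one tool reported its issue.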