CPC G06F 21/56 (2013.01) [G06F 2221/034 (2013.01)] | 21 Claims |
1. A warning apparatus comprising:
at least one memory configured to store instructions; and
at least one processor configured to execute the instructions to perform operations comprising;
acquiring first detected event information representing, at a first abstraction level, an event set being a set of events having occurred in a target system, and generating second detected event information representing, at a second abstraction level, the event set represented by the acquired first detected event information;
determining, from among a plurality of pieces of threat information each representing a threat activity, the threat information having a high degree of relevance to at least either of the first detected event information and the second detected event information; and
generating warning information relating to a threat being occurring in the target system, based on the determined threat information and a matching level being an abstraction level associated with the detected event information having a high degree of relevance to the threat information.
|