	US 12,034,827 B2
	Distributed software-defined industrial systems
Rita H. Wouhaybi, Portland, OR (US); John Vicente, Roseville, CA (US); Kirk Smith, Chandler, AZ (US); Robert Chavez, Phoenix, AZ (US); Mark Yarvis, Portland, OR (US); Steven M. Brown, Chandler, AZ (US); Jeremy Ouillette, Chandler, AZ (US); Roderick E. Kronschnabel, Chandler, AZ (US); Matthew J. Schneider, Chandler, AZ (US); Chris D. Lucero, Chandler, AZ (US); Atul N. Hatalkar, Chandler, AZ (US); Sharad K. Garg, Portland, OR (US); Casey Rathbone, Banks, OR (US); Aaron R. Berck, Hillsboro, OR (US); Xubo Zhang, Fremont, CA (US); Ron Kuruvilla Thomas, San Jose, CA (US); Mandeep Shetty, Chandler, AZ (US); and Ansuya Negi, Beaverton, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Jul. 26, 2023, as Appl. No. 18/226,588.
Application 18/226,588 is a continuation of application No. 17/739,684, filed on May 9, 2022, granted, now 11,758,031.
Application 17/739,684 is a continuation of application No. 16/650,454, granted, now 11,330,087, previously published as PCT/US2018/053607, filed on Sep. 28, 2018.
Claims priority of provisional application 62/612,092, filed on Dec. 29, 2017.
Claims priority of provisional application 62/587,227, filed on Nov. 16, 2017.
Prior Publication US 2024/0064218 A1, Feb. 22, 2024
Int. Cl. G06F 9/455 (2018.01); G05B 19/042 (2006.01); G05B 19/05 (2006.01); G05B 19/418 (2006.01); G06F 3/0481 (2022.01); G06F 8/65 (2018.01); G06F 9/50 (2006.01); G06F 11/20 (2006.01); H04L 41/06 (2022.01); H04L 41/0668 (2022.01); H04L 41/082 (2022.01); H04L 41/084 (2022.01); H04L 67/00 (2022.01); H04L 67/04 (2022.01); H04L 67/10 (2022.01); H04L 67/104 (2022.01); H04L 67/12 (2022.01); H04L 67/125 (2022.01); H04L 67/565 (2022.01); H04L 69/40 (2022.01)

CPC H04L 69/40 (2013.01) [G05B 19/042 (2013.01); G05B 19/054 (2013.01); G05B 19/41835 (2013.01); G06F 8/65 (2013.01); G06F 11/2023 (2013.01); G06F 11/2033 (2013.01); H04L 41/0668 (2013.01); H04L 41/082 (2013.01); H04L 41/0846 (2013.01); H04L 67/04 (2013.01); H04L 67/10 (2013.01); H04L 67/1048 (2013.01); H04L 67/1051 (2013.01); H04L 67/12 (2013.01); H04L 67/125 (2013.01); H04L 67/34 (2013.01); H04L 67/565 (2022.05); G05B 2219/1105 (2013.01); G05B 2219/1214 (2013.01); G05B 2219/32043 (2013.01); G05B 2219/33112 (2013.01); G06F 2201/805 (2013.01); G06F 2201/82 (2013.01); G06F 2201/85 (2013.01)]

20 Claims

1. At least one non-transitory machine-readable medium including instructions, which when executed by processing circuitry, cause the processing circuitry to perform operations to:

identify information indicative of a plurality of detection rules for triggering a corresponding plurality of alerts of an enterprise system;

analyze the information to determine at least one correlation among the plurality of detection rules;

detect an incident triggering two or more detection rules;

prevent two or more alerts corresponding to the two or more detection rules from issuing;

generate a clustered alert for the two or more alerts prevented from issuing based on the at least one correlation corresponding to the two or more alerts prevented from issuing; and

output the clustered alert.