CPC H04L 69/40 (2013.01) [G05B 19/042 (2013.01); G05B 19/054 (2013.01); G05B 19/41835 (2013.01); G06F 8/65 (2013.01); G06F 11/2023 (2013.01); G06F 11/2033 (2013.01); H04L 41/0668 (2013.01); H04L 41/082 (2013.01); H04L 41/0846 (2013.01); H04L 67/04 (2013.01); H04L 67/10 (2013.01); H04L 67/1048 (2013.01); H04L 67/1051 (2013.01); H04L 67/12 (2013.01); H04L 67/125 (2013.01); H04L 67/34 (2013.01); H04L 67/565 (2022.05); G05B 2219/1105 (2013.01); G05B 2219/1214 (2013.01); G05B 2219/32043 (2013.01); G05B 2219/33112 (2013.01); G06F 2201/805 (2013.01); G06F 2201/82 (2013.01); G06F 2201/85 (2013.01)]. 20 Claims.
1. At least one non-transitory machine-readable medium including instructions, which when executed by processing circuitry, cause the processing circuitry to perform operations to:
identify information indicative of a plurality of detection rules for triggering a corresponding plurality of alerts of an enterprise system;
analyze the information to determine at least one correlation among the plurality of detection rules;
detect an incident triggering two or more detection rules;
prevent two or more alerts corresponding to the two or more detection rules from issuing;
generate a clustered alert for the two or more alerts prevented from issuing based on the at least one correlation corresponding to the two or more alerts prevented from issuing; and
output the clustered alert.
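The steps of claim 1 (collect rule information, derive correlations among rules, detect an incident that trips several rules, suppress the individual alerts, and emit one clustered alert built from the correlation) can be illustrated end to end. The following Python is an added example written for this page; it is not code from the patent or its assignee. It derives rule correlations from co-firing statistics over past incidents (an assumed way of "analyzing the information"), and the rule catalogue, incident history, thresholds and host names are all constructed for illustration.

```python
"""Correlation-based alert clustering over a set of detection rules.

Added example for the claim above, not the patent's own code. The rule
catalogue, incident history, thresholds and host names are assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class DetectionRule:
    rule_id: str
    name: str
    severity: int  # assumed scale: 1 (low) .. 5 (critical)


@dataclass
class Alert:
    rule_ids: Tuple[str, ...]  # one id for a plain alert, several when clustered
    title: str
    severity: int
    host: str
    clustered: bool = False


# Constructed rule catalogue: the "information indicative of a plurality of
# detection rules" of the claim.
RULES: Dict[str, DetectionRule] = {
    "R1": DetectionRule("R1", "Brute-force logon attempts", 3),
    "R2": DetectionRule("R2", "Logon from new geolocation", 2),
    "R3": DetectionRule("R3", "Password spray pattern", 3),
    "R4": DetectionRule("R4", "Unsigned driver loaded", 4),
}

# Constructed history: each past incident recorded as the set of rules it fired.
HISTORY: List[Set[str]] = [
    {"R1", "R2", "R3"}, {"R1", "R3"}, {"R1", "R2", "R3"},
    {"R2"}, {"R4"}, {"R1", "R3"},
]


def correlate_rules(history: List[Set[str]], min_support: int = 2,
                    min_confidence: float = 0.6) -> Set[FrozenSet[str]]:
    """Return rule pairs that co-fire often enough to count as correlated.

    A pair (a, b) is correlated when it co-fired at least min_support times and
    min(P(b|a), P(a|b)) >= min_confidence. Both thresholds are assumed values.
    """
    single: Counter = Counter()
    pair: Counter = Counter()
    for fired in history:
        single.update(fired)
        pair.update(frozenset(p) for p in combinations(sorted(fired), 2))
    correlated: Set[FrozenSet[str]] = set()
    for p, n in pair.items():
        a, b = tuple(p)
        if n >= min_support and min(n / single[a], n / single[b]) >= min_confidence:
            correlated.add(p)
    return correlated


def _components(rule_ids: Set[str], correlated: Set[FrozenSet[str]]) -> List[Set[str]]:
    """Group the triggered rules into connected components of the correlation graph."""
    adj: Dict[str, Set[str]] = defaultdict(set)
    for p in correlated:
        a, b = tuple(p)
        if a in rule_ids and b in rule_ids:
            adj[a].add(b)
            adj[b].add(a)
    seen: Set[str] = set()
    comps: List[Set[str]] = []
    for r in sorted(rule_ids):  # deterministic output order
        if r in seen:
            continue
        comp, stack = set(), [r]
        while stack:
            cur = stack.pop()
            if cur in seen:
                continue
            seen.add(cur)
            comp.add(cur)
            stack.extend(adj[cur] - seen)
        comps.append(comp)
    return comps


def process_incident(host: str, triggered: Set[str], correlated: Set[FrozenSet[str]],
                     rules: Dict[str, DetectionRule] = RULES) -> Tuple[List[Alert], List[str]]:
    """Issue alerts for one incident, clustering hits on correlated rules.

    Returns (alerts_issued, suppressed_rule_ids). Rules in a component of two or
    more correlated rules have their own alerts suppressed and are represented
    by a single clustered alert; uncorrelated rules alert as usual.
    """
    issued: List[Alert] = []
    suppressed: List[str] = []
    for comp in _components(triggered, correlated):
        members = tuple(sorted(comp))
        sev = max(rules[r].severity for r in members)
        if len(members) == 1:
            issued.append(Alert(members, rules[members[0]].name, sev, host))
        else:
            suppressed.extend(members)
            title = "Clustered: " + " + ".join(rules[r].name for r in members)
            issued.append(Alert(members, title, sev, host, clustered=True))
    return issued, suppressed


if __name__ == "__main__":
    corr = correlate_rules(HISTORY)
    for alert in process_incident("ws-17", {"R1", "R2", "R3"}, corr)[0]:
        print(alert)
```

With the constructed history, R1 and R3 co-fire in every incident where either appears, so they are correlated, whereas R2 fires on its own often enough to stay below the confidence threshold. An incident that trips R1, R2 and R3 therefore produces one clustered alert for R1+R3 (carrying the highest member severity) and an ordinary alert for R2. The caveat a practitioner should keep in mind is that suppression hides the individual alerts: the clustered alert must retain the member rule identifiers (as `rule_ids` does here) so that triage and audit can still see which rules fired.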