| CPC H04L 63/1441 (2013.01) [H04L 63/20 (2013.01)] | 20 Claims |
|
1. A non-transitory machine-readable storage medium storing machine-readable instructions that upon execution cause a system to:
detect a first alert associated with activities of a first group of entities, the first alert generated by a first type of security agent;
predict an alert collection including a plurality of alerts expected to occur based on occurrence of the first alert and based on contextual information for the first alert, the contextual information comprising information of the first type of security agent that generated the first alert, wherein a second alert of the alert collection is from a second type of security agent different from the first type of security agent;
generate a plurality of remediation actions to apply in response to a pattern of alerts including the first alert and the plurality of alerts of the alert collection;
generate remediation action information comprising entries that correlate respective alerts of the pattern of alerts to respective remediation actions of the plurality of remediation actions, the remediation action information further identifying a sequence of the first alert and the plurality of alerts that are part of the pattern of alerts; and
provide, in an electronic device to be protected against attacks, the remediation action information that identifies the sequence and that comprises the entries, wherein one or more of the plurality of remediation actions are to be applied by the electronic device responsive to occurrence of the pattern of alerts.
|