CPC G06F 9/542 (2013.01) [H04L 63/1416 (2013.01); H04L 63/20 (2013.01)]; 18 Claims

1. A system, comprising:
a computer with a processor and memory executing an application configured to perform:
receiving one or more events occurring in a computer network;
querying a feature suppression list to determine if to suppress generation of specific features;
generating features from the received events, which are not in the feature suppression list;
examining each feature to determine if to initiate an alert and setting a severity level for the alert;
analyzing alert suppression rules to determine which features serve as a basis for alerts that are acted on and which features serve as a basis for alerts that are suppressed;
generating the feature suppression list, listing features that should be suppressed;
wherein the alert suppression rules suppress handling a user under attack but do not suppress handling an organization under attack.
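The pipeline claim 1 describes, as an added example that is not the patent's own code: events are aggregated into features (skipping the feature suppression list), each feature is examined for an alert with a severity level, an alert suppression rule suppresses a single user under attack but never the organization under attack, and the feature suppression list is derived from that rule. The feature catalogue, thresholds, severities and sample events are constructed for illustration.

```python
from collections import defaultdict

# Constructed feature catalogue (not from the patent): what each feature describes,
# how many events trigger it, and the severity level its alert carries.
FEATURES = {
    "user_bruteforce": {"scope": "user", "kind": "attack", "threshold": 3, "severity": "medium"},
    "org_bruteforce": {"scope": "organization", "kind": "attack", "threshold": 3, "severity": "high"},
    "user_new_device": {"scope": "user", "kind": "anomaly", "threshold": 1, "severity": "low"},
}

# Constructed sample events; each names the feature it contributes to.
EVENTS = (
    [{"type": "failed_login", "feature": "user_bruteforce"}] * 4
    + [{"type": "failed_login_any_user", "feature": "org_bruteforce"}] * 5
    + [{"type": "new_device", "feature": "user_new_device"}]
)

def generate_features(events, feature_suppression_list):
    """Count events per feature, skipping features on the suppression list."""
    counts = defaultdict(int)
    for event in events:
        if event["feature"] not in feature_suppression_list:
            counts[event["feature"]] += 1
    return dict(counts)

def examine_feature(name, count):
    """Return an alert with a severity level, or None if the feature is below threshold."""
    spec = FEATURES[name]
    if count < spec["threshold"]:
        return None
    return {"feature": name, "severity": spec["severity"], "scope": spec["scope"]}

def alert_is_suppressed(alert):
    """Alert suppression rule from the claim: a single user under attack is
    suppressed; the organization under attack never is."""
    spec = FEATURES[alert["feature"]]
    return spec["scope"] == "user" and spec["kind"] == "attack"

def build_feature_suppression_list():
    """Features whose alerts the rule would always suppress need not be generated."""
    return {name for name in FEATURES if alert_is_suppressed({"feature": name})}

def run_pipeline(events, feature_suppression_list):
    """One pass: events -> features -> alerts, split into acted-on and suppressed."""
    features = generate_features(events, feature_suppression_list)
    alerts = [a for a in (examine_feature(n, c) for n, c in features.items()) if a]
    acted = [a for a in alerts if not alert_is_suppressed(a)]
    suppressed = [a for a in alerts if alert_is_suppressed(a)]
    return features, acted, suppressed
```

A first pass with an empty list surfaces which alerts the rule suppresses; feeding the derived list into the next pass stops those features from being generated at all, while the organization-level alert still fires.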