| US 7,551,073 B2 | ||
| Method, system and program product for alerting an information technology support organization of a security event | ||
| Andrew J. Gavin, DeWitt, Mich. (US) | ||
| Assigned to International Business Machines Corporation, Armonk, N.Y. (US) | ||
| Filed on Jan. 10, 2007, as Appl. No. 11/621,719. | ||
| Prior Publication US 2008/0168531 A1, Jul. 10, 2008 | ||
| Int. Cl. G08B 29/00 (2006.01); G06F 17/00 (2006.01); G06F 7/00 (2006.01) | ||
| U.S. Cl. 340—506 [340/525; 726/1; 726/10; 726/23; 726/26] | 26 Claims |

| 1. A method of alerting an information technology support organization of a security event, said method comprising the steps of:
storing in a trouble ticket alerting system a plurality of trouble tickets corresponding to a plurality of logged security events for a system on a network monitored by an information technology support organization;
analyzing, at a pre-determined time interval, intrusion detection system logs for one or more recently logged security events of said plurality of logged security events, said one or more recently logged security events being logged within said pre-determined time interval;
comparing a recent security event of said one or more recently logged security events to each of said plurality of trouble tickets stored in said trouble ticket alerting system; and
if said recent security event does not match an existing trouble ticket, automatically creating a new trouble ticket in said trouble ticket alerting system, and if said recent security event matches said existing trouble ticket, escalating said existing trouble ticket, wherein said information technology support organization is alerted of said recent security event so that appropriate action can be taken to alleviate said recent security event.
|
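The create-or-escalate loop recited in claim 1, sketched as an added example; it is not code from the patent or from IBM. The log line format, the matching rule (same signature and same target host) and the escalation counter are assumptions made for illustration, since the claim does not specify them.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed IDS log lines (hypothetical format: ISO timestamp, signature, target host).
SAMPLE_LOG = """\
2007-01-10T11:40:00 sig=PORT_SCAN dst=10.0.0.5
2007-01-10T12:01:10 sig=SSH_BRUTE_FORCE dst=10.0.0.5
2007-01-10T12:03:30 sig=SSH_BRUTE_FORCE dst=10.0.0.5
2007-01-10T12:04:00 sig=SQL_INJECTION dst=10.0.0.9
not a log line
"""

@dataclass
class Ticket:
    key: tuple           # (signature, target host): the assumed matching rule
    opened: datetime
    escalation: int = 0  # 0 = newly created, +1 for each matching recurrence

def parse(line):
    """Return (timestamp, (sig, dst)), or None for a malformed line."""
    parts = line.split()
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, (fields["sig"], fields["dst"])
    except (IndexError, ValueError, KeyError):
        return None

def poll(log_text, tickets, now, interval):
    """One scheduled pass over the log; only events inside the last interval count."""
    actions = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue  # skip lines that are not well-formed events
        ts, key = parsed
        if not (now - interval < ts <= now):
            continue  # logged outside the pre-determined interval
        if key in tickets:
            tickets[key].escalation += 1       # match: escalate the existing ticket
            actions.append(("escalate", key))
        else:
            tickets[key] = Ticket(key, ts)     # no match: open a new ticket
            actions.append(("create", key))
    return actions
```

Using a half-open window `(now - interval, now]` keeps an event that lands exactly on a polling boundary from being processed by two consecutive passes.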