| Field | Value |
|---|---|
| Patent | US 7,594,270 B2 |
| Title | Threat scoring system and method for intrusion detection security networks |
| Inventors | Christopher A. Church, Houston, Tex. (US); Mikhail Govshteyn, Houston, Tex. (US); Christopher D. Baker, Pearland, Tex. (US); and Christopher D. Holm, Houston, Tex. (US) |
| Assignee | Alert Logic, Inc., Houston, Tex. (US) |
| Filed | Dec. 29, 2005, as Appl. No. 11/321,620 |
| Priority | Provisional application 60/639923, filed on Dec. 29, 2004 |
| Prior publication | US 2007/0169194 A1, Jul. 19, 2007 |
| Int. Cl. | G08B 23/00 (2006.01) |
| U.S. Cl. | 726—23 |
| Claims | 26 |

1. A method of analyzing an event detected in a distributed computer system, comprising:
   at a receiving server machine in a security expert system, receiving information from said distributed computer system over a network, wherein said information comprises said event and wherein said event is detected by a device in said distributed computer system;
   storing said event in a database in said security expert system;
   at an expert system server machine in said security expert system:
   retrieving said event from said database;
   determining an attack validation value associated with said event;
   determining a target exposure value associated with a host targeted by said event;
   determining an attacker rating value associated with an attacker originating said event; and
   determining a threat rating for said event utilizing said attack validation value, said target exposure value, and said attacker rating value; and
   displaying said threat rating on a user interface for said security expert system.
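The claim describes a pipeline (receive the event, store it, retrieve it on the expert server, derive three component values, combine them into a threat rating, display it) but does not state how any value is computed. The following is an added example, not code from the patent or from Alert Logic, that implements that pipeline shape with an in-memory stand-in for the database. The signature catalogue, host inventory, attacker history, the 0..1 scales and the weights (50% validation, 30% exposure, 20% attacker rating) are all assumptions chosen for illustration; the one design point worth noting is that validation checks whether the exploit the signature describes can apply to the targeted host's platform and services at all, which is what keeps a non-applicable alert from out-ranking a real one.

```python
"""Added example: a minimal threat-scoring pipeline in the shape of claim 1.
All formulas, weights and sample data below are assumptions, not the patent's."""
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Event:
    event_id: str
    signature: str   # detector signature name, looked up in SIGNATURES
    src_ip: str      # attacker originating the event
    dst_host: str    # host targeted by the event
    detector: str    # device that detected the event

@dataclass(frozen=True)
class Signature:
    platform: str    # "any", "linux", "windows", ...
    service: str     # service the exploit needs on the target

@dataclass(frozen=True)
class Host:
    platform: str
    services: frozenset
    internet_facing: bool
    criticality: float  # 0..1 business value (assumed asset-inventory field)

@dataclass
class ThreatAssessment:
    event: Event
    attack_validation: float
    target_exposure: float
    attacker_rating: float
    threat_rating: int

    def display(self) -> str:
        """The one line a user interface would show for this event."""
        e = self.event
        return (f"[{self.threat_rating:3d}] {e.signature} {e.src_ip} -> {e.dst_host} "
                f"(validation={self.attack_validation:.2f} exposure={self.target_exposure:.2f} "
                f"attacker={self.attacker_rating:.2f})")

class EventStore:
    """Stand-in for the claim's database: receiving server stores, expert server retrieves."""
    def __init__(self) -> None:
        self._rows: Dict[str, Event] = {}
    def store(self, event: Event) -> None:
        self._rows[event.event_id] = event
    def retrieve(self, event_id: str) -> Event:
        return self._rows[event_id]

# --- component scores (assumed formulas, each on a 0..1 scale) ---------------

def attack_validation(event: Event, host: Optional[Host], sigs: Dict[str, Signature]) -> float:
    """Does the exploit this signature describes apply to the targeted host?"""
    sig = sigs[event.signature]
    if host is None:            # unknown asset: cannot validate either way
        return 0.5
    platform_ok = sig.platform in ("any", host.platform)
    service_ok = sig.service in host.services
    if platform_ok and service_ok:
        return 1.0
    return 0.5 if (platform_ok or service_ok) else 0.1

def target_exposure(host: Optional[Host]) -> float:
    """Asset value, discounted when the host is not reachable from the Internet."""
    if host is None:
        return 0.5
    return round(host.criticality * (1.0 if host.internet_facing else 0.6), 2)

def attacker_rating(src_ip: str, history: Dict[str, List[str]]) -> float:
    """Grows with prior alerts from this source and with distinct targets it touched."""
    prior = history.get(src_ip, [])
    return min(1.0, round(0.1 + 0.15 * len(prior) + 0.1 * len(set(prior)), 2))

def threat_rating(validation: float, exposure: float, attacker: float) -> int:
    """Weighted combination on a 0..100 scale (weights are an assumption)."""
    return round(100 * (0.5 * validation + 0.3 * exposure + 0.2 * attacker))

def analyze(event_id: str, store: EventStore, hosts: Dict[str, Host],
            sigs: Dict[str, Signature], history: Dict[str, List[str]]) -> ThreatAssessment:
    """Expert-server side of the claim: retrieve, score three ways, combine."""
    event = store.retrieve(event_id)
    host = hosts.get(event.dst_host)
    v, x, a = attack_validation(event, host, sigs), target_exposure(host), attacker_rating(event.src_ip, history)
    return ThreatAssessment(event, v, x, a, threat_rating(v, x, a))

# --- constructed sample data -------------------------------------------------
SIGNATURES = {"http_path_traversal": Signature("any", "http"),
              "smb_overflow_attempt": Signature("windows", "smb")}
HOSTS = {"web-01": Host("linux", frozenset({"http", "ssh"}), True, 0.9),
         "db-01": Host("linux", frozenset({"mysql"}), False, 1.0)}
HISTORY = {"203.0.113.7": ["web-01", "db-01", "web-01"]}   # three prior alerts, two targets
EVENTS = [Event("e1", "http_path_traversal", "203.0.113.7", "web-01", "ids-dmz"),
          Event("e2", "smb_overflow_attempt", "198.51.100.4", "web-01", "ids-dmz")]

def run_sample() -> List[ThreatAssessment]:
    """Receive and store every sample event, then score them, highest rating first."""
    store = EventStore()
    for ev in EVENTS:
        store.store(ev)                          # receiving server side
    results = [analyze(ev.event_id, store, HOSTS, SIGNATURES, HISTORY) for ev in EVENTS]
    return sorted(results, key=lambda r: r.threat_rating, reverse=True)

if __name__ == "__main__":
    for r in run_sample():
        print(r.display())
```

Run stand-alone, the script prints the two sample events ranked: the path-traversal alert against the Internet-facing web host, from a source with prior history, scores 92, while the SMB overflow attempt against a Linux host with no SMB service scores 34 even though it targets the same exposed asset.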