查看文章

A method and system is designed for processing alarms, that have been triggered by a monitoring system such as an intru sion detection system, a firewall, or a network management system, comprising the steps of entering the triggered alarms into an alarm log, evaluating similarity between alarms, grouping similar alarms into alarm clusters, Summarizing alarm clusters by means of generalized alarms, counting the covered alarms for each generalized alarm and forwarding generalized alarms for further processing if the number of alarms covered satisfies a predetermined criterion.