(57) ABSTRACT A method and System is proposed that allow to proceSS alarms, that have
been triggered by a monitoring System, by means of a model representing the normal alarm …

(57) ABSTRACT A method and system is designed for processing alarms, that have been
triggered by a monitoring system such as an intru sion detection system, a firewall, or a …

(57) ABSTRACT A method and system is designed for processing alarms, that have been
triggered by a monitoring system such as an intru sion detection system, a firewall, or a …

(57) ABSTRACT A system and method for automatically constructing a baseline for an
attribute of a monitored system, calculating a threshold based on the constructed baseline …

Method and system for improving the detection of security threats in a communication
network, including security devices which generate security events. The present invention …

In one embodiment, the present invention provides a method for consolidating data
collected by a monitoring device. The method comprises receiving a plurality of instances of …

US6546493B1 - System, method and computer program product for risk assessment scanning
based on detected anomalous events - Google Patents US6546493B1 - System, method and …

Under the present invention indications of an event are moni tored based upon a
comparison of a computer system metric to a corresponding metric threshold over time. It is …

A system (10) for receiving measurement data wherein there is a processing means of the
measurement data to create or update at least two models (28) where each model is a …

An automated decision engine is utilized to screen incoming alarms using a knowledge-
base of decision rules. The deci sion rules are updated with the assistance of a data mining …