Abstract:
Systems and methods for correlating log messages into actionable incidents. Some embodiments implement a method which includes comparing a plurality of disparate log messages to a plurality of incident descriptions. The disparate log messages can be parsed. When the messages correlate with an incident description, an incident case can be created. Workflow steps can be associated with the incident case and output along with the incident case. Additional disparate log messages can be compared to the incident expressions and, when additional messages correlate with the correlated incident description, the incident case can be adjusted. In some embodiments, the adjustment can include adding workflow steps to the incident case. Results of various workflow steps can be monitored and adjustments can be made accordingly. In some embodiments, the results can include out-of-bounds activities.
Abstract:
Embodiments of the invention provide a security expert system (SES) that automates intrusion detection analysis and threat discovery and that can use fuzzy logic and forward-chaining inference engines to approximate the human reasoning process. Embodiments of the SES can analyze incoming security events and generate a threat rating that indicates the likelihood of an event or a series of events being a threat. In one embodiment, the threat rating is determined based on an attacker rating, a target rating, a valid rating, and, optionally, a negative rating. In one embodiment, the threat rating may be affected by a validation flag. The SES can analyze the criticality of assets and calibrate/recalibrate the severity of an attack accordingly to allow for triage. The asset criticality can have a user-defined value. This ability allows the SES to protect and defend critical network resources in a discriminating and selective manner if necessary (e.g., many attacks).
Abstract:
The Improved Mobile Digital Video Recorder (IMDVR) system is a ruggedized, multiple camera video and audio recording system that is installed within a public transit vehicle to record, store, and manage an integrated data stream of data captured within and exterior to the transit vehicle. The system is focused on multiple person vehicles and the capture of an integrated data stream for use in transit security, liability, and evidentiary processes.