Independent claim
1. A system for detecting an advanced persistent threat (APT) attack on a private computer network of an organization, the system comprising:
a plurality of host computers, the plurality of host computers receiving network traffic over the private computer network, parsing the network traffic to generate event data that indicate access to particular computers on the private computer network that store confidential data of the organization, and transmitting the event data over the private computer network; and an APT detection server comprising one or more computers that receive the event data from the plurality of host computers, store the event data in an event log, and correlate data in the event log using a set of alert rules to detect an APT attack by identifying an anomalous access to one or more of the particular computers.
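The claim describes a two-tier pipeline: hosts reduce raw traffic to access events naming the confidential-data computers, and a central server stores those events and runs alert rules over the log. The following is an added illustration of that correlation step, not code from the patent or its assignee. The host names, the per-server baseline of expected clients, the two rules (an access from a client absent from the baseline, and one client reaching several confidential servers inside a short window) and the sample log lines are all constructed for the example.

```python
"""Rule-based correlation over an event log of accesses to confidential-data hosts.

Added example: the event format, host names, baseline and rules are assumptions,
not taken from the patent text.
"""
from collections import defaultdict
from dataclasses import dataclass

# Computers that store confidential data (hypothetical names).
CONFIDENTIAL_HOSTS = {"hr-db", "finance-share", "source-repo"}

# Baseline of clients that normally access each confidential host (assumed).
BASELINE = {
    "hr-db": {"hr-app"},
    "finance-share": {"fin-ws01", "fin-ws02"},
    "source-repo": {"build01"},
}


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed values below)
    reporter: str  # host computer that parsed the traffic and emitted the event
    src: str       # client that initiated the access
    dst: str       # computer that was accessed
    proto: str


def parse_event(line):
    """Parse one constructed log line of the form 'ts reporter src dst proto'."""
    ts, reporter, src, dst, proto = line.split()
    return Event(int(ts), reporter, src, dst, proto)


def rule_unknown_source(log):
    """Alert on any access to a confidential host from a client not in its baseline."""
    alerts = []
    for e in log:
        if e.dst in CONFIDENTIAL_HOSTS and e.src not in BASELINE.get(e.dst, set()):
            alerts.append(("unknown-source", e.src, e.dst))
    return alerts


def rule_fanout(log, window=600, threshold=2):
    """Alert when one client reaches >= threshold distinct confidential hosts within window seconds."""
    by_src = defaultdict(list)
    for e in sorted(log, key=lambda ev: ev.ts):
        if e.dst in CONFIDENTIAL_HOSTS:
            by_src[e.src].append(e)
    alerts = []
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window so that events[start:end+1] spans at most `window` seconds.
            while events[end].ts - events[start].ts > window:
                start += 1
            dsts = {ev.dst for ev in events[start:end + 1]}
            if len(dsts) >= threshold:
                alerts.append(("fan-out", src, tuple(sorted(dsts))))
                break  # one alert per client is enough for this example
    return alerts


RULES = [rule_unknown_source, rule_fanout]


def correlate(log):
    """Apply every alert rule to the stored event log and collect the alerts."""
    alerts = []
    for rule in RULES:
        alerts.extend(rule(log))
    return alerts


# Constructed event log as the detection server would hold it after receiving
# events from three reporting hosts (sensor-a, sensor-b, sensor-c).
SAMPLE_LOG = """\
1000 sensor-a hr-app hr-db tcp
1010 sensor-a fin-ws01 finance-share smb
1200 sensor-b ws-117 hr-db tcp
1230 sensor-b ws-117 finance-share smb
1300 sensor-c build01 source-repo ssh
""".splitlines()


def run_sample():
    """Correlate the constructed log; ws-117 trips both rules, baseline clients trip none."""
    return correlate([parse_event(line) for line in SAMPLE_LOG])


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The baseline is the part that carries the security value: the unknown-source rule is only as good as the list of expected clients, so in practice it is learned from a quiet period and reviewed, and the fan-out rule catches the case the baseline misses, a client that is legitimate for one server but suddenly touches several.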