Title of invention: Advanced intelligence engine
Abstract: An advanced intelligence engine (AIE) for use in identifying what may be complex events or developments on one or more data platforms or networks from various types of structured or normalized data generated by one or more disparate data sources. The AIE may conduct one or more types of quantitative, correlative, behavioral and corroborative analyses to detect events from what may otherwise be considered unimportant or non-relevant information spanning one or more time periods. Events generated by the AIE may be passed to an event manager to determine whether further action is required such as reporting, remediation, and the like.
Publication number: US9576243(B2) Publication date: 2017.02.21
Application number: US201314026834 Filing date: 2013.09.13
Applicant: LogRhythm, Inc. Inventors: Petersen Chris; Villella Phillip; Aisa Brad
Classification: H04L29/06; G06N5/02; H04L12/24; G06F21/55; H04L12/26 Main classification: H04L29/06
Agency: Marsh Fischmann & Breyfogle LLP Agent: Marsh Fischmann & Breyfogle LLP; Szumny Jonathon A.
Independent claim: 1. A method for use in monitoring one or more platforms of one or more data systems, comprising: receiving, at a processor, structured data generated by one or more platforms over at least one communications network; first evaluating, by the processor engine using one of first and second rule blocks, at least some of the data; first determining that a result of the first evaluating is a first of at least first and second outcomes, wherein the at least some of the data leading to the first outcome is identified by a time stamp that corresponds to a first time; accessing, by the processor, a linking relationship object contained within at least one of the first and second rule blocks to determine a specified time period relative to the first time; second evaluating, by the processor using the other of the first and second rule blocks, at least some of the data associated with one or more time stamps corresponding to a second time within the specified time period relative to the first time; second determining, from the second evaluating, whether a result is one of at least first and second outcomes; and analyzing the results of the first and second determining steps to determine an event of interest.
Address: Boulder CO US