Title of invention |
EVENT CORRELATION ACROSS HETEROGENEOUS OPERATIONS |
Abstract |
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for correlating domain activity data. First domain activity data from a first network domain and second domain activity data from a second network domain is received. The first domain activity data and the second domain activity data is filtered to remove irrelevant activity data, based on a first set of profile data for devices in the first network domain and a second set of profile data for devices in the second network domain. Unfiltered first and second domain activity data is aggregated. Aggregated unfiltered first and second domain activity data is correlated to determine an attack path for an attack that occurs across the first network domain and the second network domain, based on attack signatures and profiles associated with previously identified attacks. A visualization of the attack path is generated. |
Application publication number |
EP3079336(A1) |
Application publication date |
2016.10.12 |
Application number |
EP20160164614 |
Application date |
2016.04.11 |
Applicant |
ACCENTURE GLOBAL SERVICES LIMITED |
Inventors |
HASSANZADEH, AMIN;MODI, SHIMON;MULCHANDANI, SHAAN;NEGM, WALID |
Classification number |
H04L29/06 |
Main classification number |
H04L29/06 |
Patent agency |
|
Agent |
|
Principal claim |
|
Address |
|