Title of invention: Real-Time Security Monitoring Using Cross-Channel Event Processor
Abstract: Aspects described herein provide systems and methods for computer system security monitoring. Multiple event monitoring agents may be deployed across an enterprise-wide computing system such that each event monitoring agent monitors at least one event generator of the enterprise-wide computing system. The event monitoring agents may be connected to an event processing server. The event processing server may receive event information generated by the event monitoring agents that describe events occurring at the event generators. The event processing server may perform a security analysis on at least a portion of the event information received that includes applying a security policy to the event information. The event processing server may execute a security response based on the security analysis performed such as, for example, a response specified in the security policy applied.
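Application publication number: US2016072840(A1) Application publication date: 2016.03.10
Application number: US201414481223 Filing date: 2014.09.09
Applicant: Bank of America Corporation Inventors: Iyer Shankar;Castro Edison M.;Krishnamoorthy Sundar
Classification number: H04L29/06 Main classification number: H04L29/06
Agency: Agent: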
Principal claim: 1. A computer-implemented method of computer system security monitoring: deploying a plurality of event monitoring agents across an enterprise-wide computing system such that each of a plurality of event generators of the enterprise-wide computing system is monitored by one of the event monitoring agents; connecting each of the event monitoring agents to an event processing server; receiving, at the event processing server, first event information generated by a first one of the event monitoring agents describing a first event that occurred at a first one of the event generators; receiving, at the event processing server, second event information generated by a second one of the event monitoring agents describing a second event that occurred at a second one of the event generators; performing, by the event processing server, a security analysis that comprises applying a security policy to the first event information and the second event information; and executing, by the event processing server, a security response based on the security analysis performed.
Address: Charlotte NC US