Independent claim
1. A method for managing events, the method comprising:
receiving, by one or more sensors of an event retrieval and analysis computer, a multiplicity of event data for a respective multiplicity of events corresponding to a device;
adding, by the event retrieval and analysis computer, the multiplicity of event data to a queue for the device;
determining, by the event retrieval and analysis computer, that the queue is not full and a predetermined amount of time has passed since a prior categorization of events represented by respective event data on the queue;
responsive to determining that the queue is not full and a predetermined amount of time has passed since a prior categorization of events, based on the event data for each of the multiplicity of events, categorizing, by the event retrieval and analysis computer, each of the multiplicity of events as at least one of
a worm signature event category that represents worm attacks against the device,
a sweeps signature event category that represents sweep attacks against a network leading to the device, and
a hot decodes signature event category that represents high priority signatures tracked by a user; and
comparing, by the event retrieval and analysis computer, a total number of the events in each of the categories to a respective reference number, and responsive to any of the categories where the respective total number of the events exceeds the respective reference number by a predetermined amount, generating and issuing a notice.
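The claimed method as an added example (not code from the patent or any product): a per-device queue, the not-full-and-interval trigger, categorization of each event into one or more of the three signature categories, and the per-category comparison against a reference number. The signature names, category keys, capacity, interval, reference numbers and margins are constructed, and reading "exceeds the reference by a predetermined amount" as total minus reference being at least the margin is an assumption.

```python
from collections import deque
from dataclasses import dataclass, field

WORM, SWEEPS, HOT_DECODES = "worm", "sweeps", "hot_decodes"

# Constructed signature-to-category mapping. A signature may fall in more
# than one category ("at least one of"); HOT_DECODES models the high-priority
# signatures a user has chosen to track.
SIGNATURE_CATEGORIES = {
    "WORM-SQL-SLAMMER": {WORM},
    "SWEEP-TCP-PORT": {SWEEPS},
    "WORM-CODERED": {WORM, HOT_DECODES},
}

@dataclass
class DeviceQueue:
    capacity: int             # queue counts as "full" at this many events
    interval: float           # predetermined time between categorizations
    events: deque = field(default_factory=deque)
    last_categorized: float = 0.0

def should_categorize(dq, now):
    # The claimed trigger: queue not full AND the interval has elapsed.
    # Handling of a full queue is outside the claim and not modelled here.
    return len(dq.events) < dq.capacity and now - dq.last_categorized >= dq.interval

def categorize(dq, now):
    """Drain the device queue and count events per category."""
    counts = {WORM: 0, SWEEPS: 0, HOT_DECODES: 0}
    while dq.events:
        ev = dq.events.popleft()
        for cat in SIGNATURE_CATEGORIES.get(ev["signature"], ()):
            counts[cat] += 1
    dq.last_categorized = now
    return counts

def notices(counts, reference, margin):
    # Assumption: "exceeds the reference number by a predetermined amount"
    # is read as total - reference >= margin for that category.
    return [cat for cat, n in counts.items() if n - reference[cat] >= margin[cat]]

def run_cycle(dq, event_batch, now, reference, margin):
    """One pass: enqueue, then categorize and compare only if the trigger
    condition holds; returns categories to notify on, else None."""
    dq.events.extend(event_batch)
    if not should_categorize(dq, now):
        return None
    return notices(categorize(dq, now), reference, margin)
```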