SYSTEM AND METHOD OF FRAUD AND MISUSE DETECTION USING EVENT LOGS

摘要

A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored in the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.

主权项

1. A method of detecting improper access of business information in a computer environment, the business information including customer and prospect information and records that correspond to a particular partner, the method comprising:
generating a rule for monitoring audit log data representing at least one of transactions or activities that are executed in the computer environment, which are associated with the business information, the rule comprising at least one criterion related to at least one of accesses in excess of a specific volume, accesses during a pre-determined time interval, or accesses by a specific user, that is indicative of improper access of the business information by an authorized user wherein the improper access is an indication of potential theft of the business information, the authorized user having a pre-defined role comprising authorized computer access to the business information; applying the rule to the audit log data to determine if an event has occurred, the event occurring if the at least one criterion has been met; storing, in a memory, a hit if the event has occurred; and providing notification if the event has occurred.