Abstract |
<p>Methods and apparatus are disclosed for processing status messages for use in network security management in respect of a network of computing devices, the status messages comprising data relating to a plurality of attributes; the method comprising: filtering received status messages according to filtering rules in order to identify (i) status messages indicative of potential or actual network security events in respect of which a predetermined response is deemed applicable; (ii) status messages in respect of which a null response is deemed applicable; and (iii) residue messages not identified as (i) or (ii); processing messages identified as (i) such that a predetermined response may be initiated; performing analysis involving clustering in respect of messages identified as residue messages; and updating the filtering rules for use in subsequent filtering of received status messages in dependence on the result of the analysis.</p> |