Title of invention: Method of managing alerts issued by intrusion detection sensors of an information security system
Abstract: A method of managing alerts issued by intrusion detection sensors (11a, 11b, 11c) of an information security system (1) including an alert management system (13), each alert being defined by an alert identifier and an alert content. Each of the alerts issued by the intrusion detection sensors (11a, 11b, 11c) is associated with a description including a conjunction of valued attributes belonging to attribute domains. The valued attributes belonging to each attribute domain are organized into a taxonomic structure defining generalization relationships between said valued attributes, the plurality of attribute domains thus forming a plurality of taxonomic structures. The description of each of said alerts is completed with sets of values induced by the taxonomic structures on the basis of the valued attributes of said alerts to form complete alerts. The complete alerts are stored in a logic file system (21) to enable them to be consulted.
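Application publication number: US2007150579(A1) Application publication date: 2007.06.28
Application number: US20040583586 Filing date: 2004.12.16
Applicant: MORIN BENJAMIN; DEBAR HERVE Inventor: MORIN BENJAMIN; DEBAR HERVE
Classification number: G06F15/173; G06F12/14; G06F17/30; G08B29/00; H04L12/26; H04L29/06 Main classification: G06F15/173
Agency: Agent:
Main claim:
Address: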