30 results about "Incident analysis" patented technology

Solutions for responding to security-related incidents in a computer network, including a security server, and a client-side arrangement. The security server includes an event collection module communicatively coupled to the computer network, an event analysis module operatively coupled to the event collection module, and a solution module operatively coupled to the event analysis module. The event collection module is configured to obtain incident-related information that includes event-level information from at least one client computer of the plurality of client computers, the incident-related information being associated with at least a first incident which was detected by that at least one client computer and provided to the event collection module in response to that detection. The event analysis module is configured to reconstruct at least one chain of events causally related to the first incident and indicative of a root cause of the first incident based on the incident-related information. The solution module is configured to formulate at least one recommendation for use by the at least one client computer, the at least one recommendation being based on the at least one chain of events, and including corrective / preventive action particularized for responding to the first incident.

Methods, apparatuses, and computer program products for administering checkpoints for incident analysis are provided. Embodiments include a checkpoint manager receiving from each incident analyzer of a plurality of incident analyzers, a checkpoint indicating an incident having the oldest identification number still in analysis by the incident analyzer at the time associated with the checkpoint. The checkpoint manager examines each received checkpoint to identify, as a restore incident, an incident having the oldest identification number indicated in any of the received checkpoints. A monitor sends to the incident analyzers, a stream of incidents beginning with the identified restore incident and continuing with any incidents having a newer identification number than the identified restore incident. Each incident analyzer processes from the stream of incidents only the incident indicated in the last checkpoint of the incident analyzer and any subsequent incidents having a newer identification number than the indicated incident.

The invention discloses an analysis system for identification of fault hazard sources of an air defense missile weapon system. The analysis system is placed in an analysis server and includes: a safety data storage and management module, which is used to analyze safety with a product tree node as the center The input and output data are managed and controlled; the initial cause event analysis module is used to obtain reference information from the safety data storage and management module, and clarify all propagation paths from the cause of the accident to the impact; the cause of the accident includes different analysis Fault coupling of related equipment of the system; accident scene analysis module, which is used to realize the modeling and analysis of the temporal causal relationship of faults affecting functions on the basis of the analysis results of primary causes; analysis result viewing module, which provides a tree guide map of analysis results . The invention can solve the technical problem that the traditional analysis method is difficult to analyze complex equipment dangerous events and must rely on engineering experience.

A method, computer program product, and computer system for prioritization of data collection and analysis for incident detection. Data points within a plurality of monitor data corresponding to effects of incidents may be identified by a computing device. The plurality of monitor data may be converted to a set of time series extracted from the plurality of monitor data. The set of time series may be aligned and summarized. A causal relationship graph may be constructed between the set of time series extracted from the plurality of monitor data. Features may be prioritized by likelihood of importance in incident analysis based upon, at least in part, the causal relationship graph.

Methods, apparatuses, and computer program products for selecting during a system shutdown procedure, a restart incident checkpoint of an incident analyzer in a distributed processing system. Embodiments include the incident analyzer determining whether at least one incident is in a queue. If at least one incident is in the queue, the incident analyzer selects as the restart incident checkpoint, a last incident completed checkpoint. If at least one incident is not in the queue, the incident analyzer determines whether the last incident completed checkpoint matches a last incident analysis pool selection checkpoint. If the last incident completed checkpoint matches a last incident analysis pool selection checkpoint, the incident analyzer selects as the restart incident checkpoint, a monitor checkpoint. If the last incident completed checkpoint does not match the last incident analysis pool selection checkpoint, the incident analyzer selects as the restart incident checkpoint, the last incident completed checkpoint.

A method and device for analyzing nuclear power plant operating events, relating to the field of nuclear power plant safety technology, wherein the method includes step 1, investigating the operating event, forming an operating event report and uploading it to the experience feedback system of the National Nuclear Safety Administration; step 2 1. The analysis module conducts qualitative analysis on the operation event and identifies the root cause of the operation event; step three, imports the root cause quantitative data obtained in step two into the quantitative calculation module built based on the Bayesian network model, quantitative calculation and Update the occurrence frequency of such operational events in real time; step 4, determine the experience of preventing and reducing the occurrence of such operational events based on the calculation results obtained in step 3, and feed back the obtained experience to the operating organizations of nuclear power plants. The invention comprehensively uses a qualitative analysis program and a quantitative calculation tool to analyze the operation event of the nuclear power plant, improves the analysis efficiency and accuracy of the operation event of the nuclear power plant, and is beneficial to reduce the occurrence probability of the operation event.