1
Phillip Andrew Porras, Martin Wayne Fong: Network-based alert management. SRI International, Kin Wah Tong, Moser Patterson & Sheridan, March 9, 2004: US06704874 (322 worldwide citations)

A method of managing alerts in a network including receiving alerts from network sensors, consolidating the alerts that are indicative of a common incident and generating output reflecting the consolidated alerts.


2
Alfonso De Jesus Valdes, Martin Wayne Fong, Phillip Andrew Porras: Prioritizing Bayes network alerts. SRI International, May 27, 2008: US07379993 (38 worldwide citations)

This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, e ...


3
Phillip Andrew Porras, Martin Wayne Fong: Network-based alert management system. SRI International, Fish & Richardson P C, April 6, 2010: US07694115 (27 worldwide citations)

A system for managing network alerts including data connections adapted to receive alerts from network sensors, alert processing logic coupled to the data connections and further including alert integration logic operable to integrate the alerts, report generation logic coupled to the alert integrat ...


4
Phillip Andrew Porras, Martin Wayne Fong: User, process, and application tracking in an intrusion detection system. Moser Patterson & Sheridan, February 5, 2004: US20040024864-A1

Preferred embodiments combine audit records with other relevant information to identify and track the users, processes or applications responsible for an attack. Information that identifies a user, process, or application may be associated with subsequent audit records related to the user or process ...


5
Alfonso De Jesus Valdes, Martin Wayne Fong, Phillip Andrew Porras: Prioritizing bayes network alerts. Moser Patterson & Sheridan, May 15, 2003: US20030093514-A1

This invention uses Bayesian techniques to prioritize alerts or alert groups generated by intrusion detection systems and other information security devices, such as network analyzers, network monitors, firewalls, antivirus software, authentication services, host and application security services, e ...