SYSTEMS AND METHODS FOR CYBERSECURITY ALERT DEDUPLICATION, GROUPING, AND PRIORITIZATION

Abstract: systems and methods for alert deduplication. a method includes querying a software component associations database based on a plurality of software containers indicated by a plurality of alerts in order to identify a plurality of correlations between software containers among the plurality of software containers, wherein the software component associations database stores at least associations between configuration files of the plurality of software containers and build files used to build the plurality of software containers; identifying at least one set of duplicate alerts among the plurality of alerts based on the identified plurality of correlations, wherein each set of duplicate alerts includes at least two alerts of the plurality of alerts which indicate correlated software containers among the plurality of software containers; and deduplicating the plurality of alerts based on the identified at least one set of duplicate alerts in order to produce a deduplicated set of alerts.

Inventor(s): Oren YONA, Eyal GOLOMBEK, Tomer SCHWARTZ, Eshel YARON, Pavel RESNIANSKI

CPC Classification: G06F21/554 ({involving event detection and direct action})

Search for rejections for patent application number 20250190556