As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
An auditing system may monitor event logs generated in a computer system and enable a user (e.g., a system administrator) to manually create one or more alert profiles. An alert profile may include a set of conditions (e.g., event logs occurring within a predetermined period of time) and one or more actions to perform (e.g., raise an alert, send an alert notification message, etc.) when the conditions are satisfied. For example, if the auditing system determines that the conditions of a particular alert profile are satisfied (e.g., one or more event logs occur within a predetermined period of time), then the auditing system may perform the one or more actions (e.g., raising an alert) specified in the particular alert profile. However, with large and complex computer systems, alert profiles that were relevant during a particular period of time may become irrelevant. For example, as a computing system grows and evolves, an alert profile that was relevant when the computing system was a particular size and handled a particular amount of traffic may be irrelevant after the computing system has grown to a larger size or is handling a larger amount of traffic. The irrelevant alert profiles may continue to raise alerts (or perform other actions) even though the alerts are no longer relevant, resulting in the alerts becoming “background noise” that is ignored.