Statement of the Technical Field
The inventive arrangements relate to Security Information and Event Management (“SIEM”). More particularly, the inventive arrangements concern implementing systems and methods for universal interception of events in a computing system using a novel Universal Interception Manager (“UIM”).
Description of the Related Art
Various SIEM systems are employed for facilitating protection of computing devices from malware threats thereto. These SIEM systems comprise a plurality of SIEM sensors for detecting occurrences of events in network nodes. Data loggers are provided for logging information associated with each of the detected events occurring in the respective network node. A centralized data processor periodically accesses the data logs and retrieves the information therefrom. The retrieved information is aggregated from many sources such that operations of the whole system can be monitored. The sources include servers, databases, and applications. The information may then be subsequently processed to: identify common attributes of events; correlate the information based on the common attributes of the events; issue alarms based on the correlated information; and/or generate charts with event data such that patterns of activity within the system can be detected.
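The aggregation and correlation steps described above, as an added example in Python that is not part of the patent text and describes no particular SIEM product: records from three constructed sources (a server authentication log, a database audit log, and an application log), each in its own native format, are normalized to a common schema, grouped on a shared attribute (the client IP address), and a correlation rule raises an alarm when repeated authentication failures are followed by activity in two or more sources inside a short window. The log formats, field names, the two-minute window and the alarm rule are all assumptions chosen for illustration.

```python
"""Added example (not from the patent): a minimal SIEM-style pipeline that
aggregates events from several sources, identifies common attributes,
correlates on them, and emits alarms plus per-source activity counts."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

# Constructed sample data, one list per source, in three different formats.
SERVER_LOG = [
    "2024-03-01T10:00:05Z sshd[412]: Failed password for admin from 203.0.113.7 port 5121",
    "2024-03-01T10:00:09Z sshd[412]: Failed password for admin from 203.0.113.7 port 5122",
    "2024-03-01T10:00:20Z sshd[412]: Accepted password for admin from 203.0.113.7 port 5123",
]
DB_AUDIT = [
    {"ts": "2024-03-01T10:00:25Z", "client": "203.0.113.7", "user": "admin", "action": "LOGIN", "status": "OK"},
    {"ts": "2024-03-01T10:03:00Z", "client": "198.51.100.9", "user": "report", "action": "LOGIN", "status": "OK"},
]
APP_LOG = [
    "2024-03-01T10:00:40Z level=INFO event=export user=admin ip=203.0.113.7 rows=120000",
]

SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Event:
    """Common schema every source is normalized into (assumed field set)."""
    ts: datetime
    source: str   # server | database | application
    ip: str       # the shared attribute used for correlation
    user: str
    kind: str     # normalized event type, e.g. auth_fail, db_login_ok


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_server(line):
    m = SSH_RE.match(line)
    if not m:
        return None  # lines we cannot parse are dropped, not guessed at
    kind = "auth_fail" if m["result"] == "Failed" else "auth_ok"
    return Event(parse_ts(m["ts"]), "server", m["ip"], m["user"], kind)


def normalize_db(rec):
    kind = f"db_{rec['action'].lower()}_{rec['status'].lower()}"
    return Event(parse_ts(rec["ts"]), "database", rec["client"], rec["user"], kind)


def normalize_app(line):
    ts, rest = line.split(" ", 1)
    kv = dict(KV_RE.findall(rest))
    return Event(parse_ts(ts), "application", kv["ip"], kv["user"], f"app_{kv['event']}")


def aggregate(server_lines, db_records, app_lines):
    """Centralized step: pull from every source into one time-ordered stream."""
    events = [normalize_server(l) for l in server_lines]
    events += [normalize_db(r) for r in db_records]
    events += [normalize_app(l) for l in app_lines]
    return sorted((e for e in events if e), key=lambda e: e.ts)


def correlate(events, window=timedelta(minutes=2)):
    """Group on the common attribute (ip) and apply an assumed alarm rule:
    >= 2 auth failures, then a success, with activity in >= 2 sources, all
    inside `window` of the first failure."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    alarms = []
    for ip, evs in by_ip.items():
        for i, anchor in enumerate(evs):
            if anchor.kind != "auth_fail":
                continue
            chain = [e for e in evs[i:] if e.ts - anchor.ts <= window]
            fails = sum(1 for e in chain if e.kind == "auth_fail")
            sources = {e.source for e in chain}
            if fails >= 2 and any(e.kind == "auth_ok" for e in chain) and len(sources) >= 2:
                alarms.append({"ip": ip, "user": anchor.user, "first_seen": anchor.ts,
                               "sources": sorted(sources), "kinds": [e.kind for e in chain]})
                break  # one alarm per ip is enough for this example
    return alarms


def activity_counts(events):
    """Per (source, ip) event counts: the data a SIEM would chart."""
    counts = defaultdict(int)
    for e in events:
        counts[(e.source, e.ip)] += 1
    return dict(counts)


if __name__ == "__main__":
    stream = aggregate(SERVER_LOG, DB_AUDIT, APP_LOG)
    for alarm in correlate(stream):
        print("ALARM", alarm)
    print(activity_counts(stream))
```

The point worth noticing is that the correlation only becomes possible after normalization: none of the three raw formats names the client address the same way, and it is the common `ip` field in `Event` that lets the database login and the application export be tied back to the server authentication failures.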