To address the increasing threats to computer security, there has been a move toward automating the handling of security incidents, from the detection of an incident through to the execution of countermeasures. For example, one technique combines a security detection product, which detects security incidents, with an operation management flow that automatically performs an operation management process. In such an automation technique, the alert information that the security detection product can issue is identified in advance, and the countermeasures to be taken when each identified alert is notified are defined as automation flows. In this way, when the security detection product detects a security incident and issues an alert, the appropriate countermeasures are taken automatically. This technique makes it possible to resolve security incidents promptly.
However, the security detection product notifies all suspected information. The alert information may therefore include alerts based on false detections, which require no countermeasures. To deal with this, there is a technique of providing a filter whose filtering criteria are based on the severity levels of the issued alerts, the relative importance levels of the objects causing the alerts, and other factors, so as to exclude alerts based on false detections from the alert information.
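As an added illustration that is not part of the publication, the following Python sketch models the combination described above: a filter on alert severity and asset importance, followed by dispatch to countermeasure flows defined in advance, with alerts that have no predefined flow escalated for manual review. The alert identifiers, thresholds and the "keep if serious or on an important asset" rule are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Assumed severity scale: higher number = more serious.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Alert:
    alert_id: str          # identifier assigned by the detection product
    severity: str          # as reported by the detection product
    asset_importance: int  # 1 (low) .. 3 (high), maintained by the operator
    host: str


def passes_filter(alert: Alert, min_severity: str = "medium", min_importance: int = 2) -> bool:
    """Assumed filtering criteria: an alert is kept when it is at least
    min_severity OR concerns an asset of at least min_importance; an alert
    that is both low severity and on a low-importance asset is dropped."""
    serious = SEVERITY[alert.severity] >= SEVERITY[min_severity]
    important = alert.asset_importance >= min_importance
    return serious or important


# Countermeasure flows defined in advance, keyed by the alert identifier the
# detection product emits (identifiers are constructed placeholders).
def isolate_host(alert: Alert) -> str:
    return f"isolated {alert.host}"


def reset_credentials(alert: Alert) -> str:
    return f"credentials reset for account on {alert.host}"


FLOWS: Dict[str, Callable[[Alert], str]] = {
    "DET-MALWARE-EXEC": isolate_host,
    "DET-CRED-BRUTEFORCE": reset_credentials,
}


def handle(alert: Alert) -> str:
    """Filter first, then run the predefined flow or escalate."""
    if not passes_filter(alert):
        return "filtered"
    flow = FLOWS.get(alert.alert_id)
    if flow is None:
        return "manual_review"  # no flow defined in advance: do not automate
    return "automated: " + flow(alert)


def process(alerts: List[Alert]) -> Dict[str, str]:
    return {f"{a.alert_id}@{a.host}": handle(a) for a in alerts}


# Constructed sample feed: one likely false detection (low severity, low-importance
# asset) and one alert for which no automation flow has been defined.
SAMPLE_ALERTS = [
    Alert("DET-MALWARE-EXEC", "high", 3, "srv-01"),
    Alert("DET-MALWARE-EXEC", "low", 1, "kiosk-07"),
    Alert("DET-CRED-BRUTEFORCE", "medium", 1, "vpn-gw"),
    Alert("DET-UNKNOWN-BEACON", "critical", 2, "wks-42"),
]

if __name__ == "__main__":
    for key, outcome in process(SAMPLE_ALERTS).items():
        print(key, "->", outcome)
```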
See, for example, Japanese Laid-open Patent Publication No. 2014-10667 and Japanese National Publication of International Patent Application No. 2004-535624.