An exception is a condition, often an error, which causes the program or microprocessor to branch to a different routine, and/or terminate. Performing some actions in response to the arising of an exception is called handling the exception. For example, exception handling in a C++ environment allows a detector of the exception to pass an error condition to code (e.g. an exception handler) that is prepared to handle the same.
Exceptions are relevant in a myriad of computing environments. For example, in a security program that monitors computer/network events for violation of a security rule, etc. such a rule may be found to be violated when, in reality, the event does not constitute a security threat. Such situation is often referred to as a false positive. In a general context, a false positive, also called a false alarm, exists when a test of any sort incorrectly reports that it has identified a situation where none exists in reality. Detection algorithms of all kinds often create false positives.
In order to address such false positives, an exception may be generated for each situation that would otherwise trigger a false positive. This process of creating exceptions to avoid false positives may be referred to as false positive tuning. False positive tuning can be an expensive task. Traditionally, a user is required to identify a program (such as a security program), collect events, and then manually create exceptions for an associated rule set to avoid creation of events that were deemed false positives.
There is thus a need for overcoming these and/or other problems associated with the prior art.