The ability to deliver real-time alerting is in demand from large and very large enterprises. Known intrusion prevention offerings include agent-side rules engines that monitor new types of end points such as automobiles and appliances and transmits detected intrusions to the host systems for appropriate handling. Given the new types of end points such as automobiles and appliances, the number of agents reporting or communicating the alerts to the host system can be potentially in the millions or more. The host system needs to properly manage every agent's alerts and communications and thus need the ability to manage millions of agents. It would be desirable to automate remediation and prioritize alerts so as to reduce false alerts and improve the efficiency of client-server communications