Amazon.com, Inc.
Automated management of security operations centers
Last updated:
Abstract:
Disclosed are various embodiments providing automated management of security operations centers. In one embodiment, a correlation and decision engine correlates event data generated by a plurality of monitoring services with a plurality of alerts generated by a plurality of threat intelligence services. The engine then adjusts at least one rule of one or more threat intelligence services with respect to at least one event based at least in part on a corresponding frequency of at least one of the plurality of alerts meeting a threshold, where the adjusted alert(s) are associated with the event(s).
Status:
Grant
Type:
Utility
Filing date:
24 Jul 2018
Issue date:
18 Jan 2022