A method and system are designed for processing alarms that have been
triggered by a monitoring system such as an intrusion detection system, a
firewall, or a network management system, the method comprising the steps
of entering the triggered alarms into an alarm log, evaluating similarity
between alarms, grouping similar alarms into alarm clusters, summarizing
alarm clusters by means of generalized alarms, counting the covered
alarms for each generalized alarm, and forwarding generalized alarms for
further processing if the number of alarms covered satisfies a
predetermined criterion.
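
An added sketch of these steps in Python (not code from the patent): it assumes that two alarms are similar when they become identical after attribute generalization, and that the criterion is a minimum count of covered alarms. The generalization hierarchies, the sample alarm log and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed alarm log: (source IP, destination IP, destination port, signature).
ALARM_LOG = (
    [("10.0.1.%d" % i, "192.0.2.10", 80, "WEB-IIS probe") for i in range(1, 7)]
    + [("10.0.2.9", "192.0.2.%d" % i, 22, "SSH brute force") for i in range(20, 24)]
    + [("198.51.100.7", "192.0.2.99", 4444, "Odd port")]
)

def up_ip(v):
    # Assumed hierarchy: host -> /24 -> /16 -> "any".
    if v == "any":
        return v
    net = ipaddress.ip_network(v, strict=False)
    step = {32: 24, 24: 16}.get(net.prefixlen)
    return str(net.supernet(new_prefix=step)) if step else "any"

def up_port(v):
    # Assumed hierarchy: port number -> privileged/unprivileged -> "any".
    if isinstance(v, int):
        return "privileged" if v < 1024 else "unprivileged"
    return "any"

# One generalization function per attribute; signatures stay as they are.
HIERARCHY = (up_ip, up_ip, up_port, lambda sig: sig)

def raise_attr(pending, i):
    # Lift attribute i one level; alarms that become identical merge their counts.
    out = Counter()
    for alarm, n in pending.items():
        out[alarm[:i] + (HIERARCHY[i](alarm[i]),) + alarm[i + 1:]] += n
    return out

def cluster_alarms(alarm_log, min_covered):
    """Return {generalized alarm: covered alarms} for clusters meeting the criterion."""
    pending, forwarded = Counter(alarm_log), {}
    while True:
        for alarm, n in list(pending.items()):
            if n >= min_covered:  # assumed criterion: at least min_covered alarms
                forwarded[alarm] = pending.pop(alarm)
        # Attributes whose next hierarchy level would still change some alarm.
        movable = [i for i in range(len(HIERARCHY))
                   if any(HIERARCHY[i](a[i]) != a[i] for a in pending)]
        if not movable:
            return forwarded  # the rest never reached the threshold
        widest = max(movable, key=lambda i: len({a[i] for a in pending}))
        pending = raise_attr(pending, widest)
```

With a threshold of 4, the eleven constructed alarms reduce to two generalized alarms, and the single outlier is never forwarded.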