A system, computer program, and method of providing an automatic cooperative
response ability to all members of a domain in light of a detected threat or
other suspicious
activity, such as, for example, a virus or denial of service attack, directed,
at least initially, at less than all members of the domain. The system broadly
comprises the domain; a log server; a detection server; and a profile server. The
domain comprises a logical grouping of members having similar risk profiles. The
detection server monitors and parses log and audit records generated by the members
and copied to the log server. When the detection server identifies threatening
or other suspicious activity, it sets an alert status in a security profile stored
on the profile server. The members periodically query the profile server for updates
to the alert status and are thereby apprised of the alert.
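
The flow described above, sketched as an added example that is not part of the original abstract: one member of a domain is targeted, the detection server sets the domain's alert status, and the other members learn of it when they next poll. The class names, the "normal"/"elevated" levels, the FAILED_LOGIN record format and the threshold of three are assumptions made for illustration.

```python
from collections import Counter

class ProfileServer:
    """Stores one alert status per domain (the 'security profile')."""
    def __init__(self):
        self.status = {}
    def set_alert(self, domain, level):
        self.status[domain] = level
    def get_alert(self, domain):
        return self.status.get(domain, "normal")

class DetectionServer:
    """Parses records copied to the log server and sets the alert status."""
    def __init__(self, log_records, profiles, threshold=3):
        self.log_records, self.profiles, self.threshold = log_records, profiles, threshold
    def scan(self):
        failures = Counter()
        for domain, _member, line in self.log_records:
            if line.startswith("FAILED_LOGIN"):  # assumed detection rule
                failures[domain] += 1
        for domain, count in failures.items():
            if count >= self.threshold:
                self.profiles.set_alert(domain, "elevated")

class Member:
    """A domain member: copies its records to the log server and polls for alerts."""
    def __init__(self, name, domain, log_records, profiles):
        self.name, self.domain = name, domain
        self.log_records, self.profiles = log_records, profiles
    def log(self, line):
        self.log_records.append((self.domain, self.name, line))
    def poll(self):
        return self.profiles.get_alert(self.domain)

def demo():
    log_records, profiles = [], ProfileServer()  # list stands in for the log server
    detector = DetectionServer(log_records, profiles)
    web = [Member(f"web{i}", "web-tier", log_records, profiles) for i in range(3)]
    db = Member("db0", "db-tier", log_records, profiles)
    # Constructed sample records: only web0 sees the suspicious activity.
    for n in range(3):
        web[0].log(f"FAILED_LOGIN user=admin src=198.51.100.7 attempt={n}")
    db.log("LOGIN_OK user=backup")
    before = [m.poll() for m in web]
    detector.scan()
    after = [m.poll() for m in web]  # web1 and web2 learn of it on their next poll
    return before, after, db.poll()

if __name__ == "__main__":
    print(demo())
```

The member in the other domain keeps its normal status, which reflects the abstract's grouping of members by similar risk profile.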