Designed to protect servers running Microsoft® Internet Information Services, (IIS), ThreatSentry™ is an advanced neural application that continuously collects, analyze and organizes server events into an evolving baseline of acceptable activity. Each server connection is compared against this baseline to identify and take action against any activity falling outside of acceptable parameters. Upon installation ThreatSentry begins to collect and organize IIS-specific data into clusters that reflect the normal use patterns (both trusted and untrusted) within the server environment, ("Training Mode"). The process of organizing these clusters is guided through the use of a built-in knowledgebase of published attack signatures. Once the required number of training events has been collected, ThreatSentry shifts automatically into "Monitor" mode. In "Monitor Mode" ThreatSentry compares all incoming requests to IIS against the Training Database to determine whether it falls within acceptable distance of trusted activity. If it does, the process continues. If it does not, ThreatSentry initiates whatever action/s have been configured, ranging from posting an on screen alert, to blocking the untrusted connection, or shutting down IIS. Maintaining ThreatSentry is simple. As described in the maintenance tips above, proper classification of events is essential and can be accomplished as Security Alerts are displayed, or during periodic review of the Security Alert Log. After one or more events have been reclassified, the Training Database should be "Re-Trained" upon which ThreatSentry will remember not only the correct classification of the particular event/s, but also its various characteristics which will be applied to the analysis of subsequent events.