Adaptive parsing and normalizing of logs at MSSP
US10599668B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Oct 31, 2017 |
| Grant date | Mar 24, 2020 |
| Priority date | — |
| Expiry date | Apr 13, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L43/18
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method of normalizing security log data can include receiving one or more security logs including unstructured data from a plurality of devices and reviewing unstructured data of the one or more security logs. The method also can include automatically applying a probabilistic model of one or more engines to identify one or more attributes or features of the unstructured data, and determine whether the identified attributes or features are indicative of identifiable entities, and tagging one or more identifiable entities of the identifiable entities, as well as organizing tagged entities into one or more normalized logs having a readable format with a prescribed schema. In addition, the method can include reviewing the one or more normalized logs for potential security events.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.