Real time monitoring and analysis of events from multiple network security devices
US7376969B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Event | Date |
| --- | --- |
| Filing date | Dec 2, 2002 |
| Grant date | May 20, 2008 |
| Priority date | — |
| Expiry date | Oct 3, 2024 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/55
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Security events generated by a number of network devices are gathered and normalized to produce normalized security events in a common schema. The normalized security events are cross-correlated according to rules to generate meta-events. The security events may be gathered remotely from a system at which the cross-correlating is performed. Any meta-events that are generated may be reported by generating alerts for display at one or more computer consoles, or by sending an e-mail message, a pager message, a telephone message, and/or a facsimile message to an operator or other individual. In addition to reporting the meta-events, the present system allows for taking other actions specified by the rules, for example executing scripts or other programs to reconfigure one or more of the network devices, and/or to modify or update access lists, etc.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.