Method and apparatus for exercising and debugging correlations for network security system
US7899901B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 2, 2002 |
| Grant date | Mar 1, 2011 |
| Priority date | — |
| Expiry date | Sep 5, 2025 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/552
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A selected time interval of previously stored security events generated by a number of computer network devices are replayed and cross-correlated according to rules defining security incidents. Meta-events are generated when the security events satisfy conditions associated with one or more of the rules. The rules used during replay may differ from prior rules used at a time when the security events occurred within a computer network that included the computer network devices. In this way, new rules can be tested against true security event data streams to determine whether or not the rules should be used in a live environment (i.e., the efficacy of the rules can be tested and/or debugged against actual security event data).
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.
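The replay idea in the abstract, sketched as an added example (not code from the patent): stored events from a chosen time interval are replayed in order against a prior rule and a candidate rule, and the meta-events each produces are compared. The event fields, the threshold-within-window rule shape, the rule names and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int       # seconds, constructed values
    device: str   # reporting network device
    src: str      # source address seen in the event
    name: str     # normalized event name

@dataclass(frozen=True)
class Rule:
    """Assumed rule shape: `threshold` matching events from one source within `window` seconds."""
    rule_id: str
    event_name: str
    threshold: int
    window: int

# Constructed event store standing in for previously stored security events.
STORE = [
    Event(100, "fw1", "10.0.0.5", "login_failed"),
    Event(130, "ids1", "10.0.0.5", "login_failed"),
    Event(170, "fw1", "10.0.0.5", "login_failed"),
    Event(175, "fw1", "10.0.0.9", "login_failed"),
    Event(400, "ids1", "10.0.0.5", "login_failed"),
    Event(900, "fw1", "10.0.0.9", "login_failed"),
]

def replay(store, start, end, rules):
    """Replay events with start <= ts < end in time order and return the meta-events raised."""
    recent = defaultdict(deque)  # (rule_id, src) -> timestamps still inside the rule window
    meta = []
    selected = sorted((e for e in store if start <= e.ts < end), key=lambda e: e.ts)
    for ev in selected:
        for rule in rules:
            if ev.name != rule.event_name:
                continue
            q = recent[(rule.rule_id, ev.src)]
            q.append(ev.ts)
            while ev.ts - q[0] > rule.window:   # drop timestamps that aged out
                q.popleft()
            if len(q) >= rule.threshold:        # rule condition satisfied
                meta.append((rule.rule_id, ev.src, q[0], ev.ts))
                q.clear()                       # one meta-event per burst
    return meta

PRIOR = Rule("bruteforce-v1", "login_failed", threshold=5, window=60)       # rule in use when events occurred
CANDIDATE = Rule("bruteforce-v2", "login_failed", threshold=3, window=120)  # new rule under test
```

Replaying the same interval under both rules shows what the candidate would have raised on real traffic before it is enabled live; narrowing `start` and `end` isolates the events responsible for a given meta-event when debugging a rule.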