Patent · US Active

Intrusion event correlation with network discovery information

US8046833B2 · kind B2 · utility

Cited by: 24
References: 80
Claims: 26
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 14, 2005
Grant date: Oct 25, 2011
Priority date
Expiry date: Aug 24, 2028

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A policy component includes policy configuration information. The policy configuration information contains one or more rules. Each rule and group of rules can be associated with a set of response actions. As the nodes on the monitored networks change or intrusive actions are introduced on the networks, network change events or intrusion events are generated. The policy component correlates network change events and/or intrusion events with network map information. The network map contains information on the network topology, services and network devices, amongst other things. When certain criteria are satisfied based on the correlation, a policy violation event may be issued by the system resulting in alerts or remediations.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.