System and method for correlating log data to discover network vulnerabilities and assets
US9467464B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 8, 2013 |
| Grant date | Oct 11, 2016 |
| Priority date | — |
| Expiry date | Dec 31, 2033 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1408
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
The disclosure relates to a log correlation engine that may cross-reference or otherwise leverage existing vulnerability data in an extensible manner to support network vulnerability and asset discovery. In particular, the log correlation engine may receive various logs that contain events describing observed network activity and discover a network vulnerability in response to the logs containing at least one event that matches a regular expression in at least one correlation rule that indicates a vulnerability. The log correlation engine may then obtain information about the indicated vulnerability from at least one data source cross-referenced in the correlation rule and generate a report that the indicated vulnerability was discovered in the network, wherein the report may include the information about the indicated vulnerability obtained from the at least one data source cross-referenced in the correlation rule.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.