Logging attack context data
US9686309B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 3, 2015 |
| Grant date | Jun 20, 2017 |
| Priority date | — |
| Expiry date | Jun 25, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received from an administrator of a network security device. The configuration information includes information indicative of a quantity of packets to be captured for post attack analysis. Responsive to receipt of the configuration information, a size of a circular buffer is configured based thereon. Multiple packets directed to a network protected by the network security device are received from an external network. The received packets are temporarily buffered within the circular buffer. An analysis is performed to determine whether one of the received packets is potentially associated with a threat or undesired activity (“trigger packet”). Responsive to an affirmative determination, contextual information is captured by extracting information regarding at least a portion of the configured quantity of packets from the circular buffer and storing the contextual information within a log.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.