1. Hierarchical architecture in a network security system (granted patent, in force)

    Publication No.: US09027120B1

    Publication date: 2015-05-05

    Application No.: US10683191

    Filing date: 2003-10-10

    IPC classes: G06F12/14 G06F21/60

    Abstract: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect base security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the base security events. Each subsystem can also include a filter coupled to the manager module to select which base security events are to be processed further. The selected base security events are passed to a global manager module coupled to the plurality of subsystems that generates global correlated events by correlating the base security events selected for further processing by each filter of each subsystem.

2. META-EVENT GENERATION BASED ON TIME ATTRIBUTES (patent application, pending, published)

    Publication No.: US20120260306A1

    Publication date: 2012-10-11

    Application No.: US13443682

    Filing date: 2012-04-10

    IPC classes: G06F21/00

    CPC classes: G06F21/554 G06Q10/06

    Abstract: First stage meta-events are generated based on analyzing time attributes of base events received from a network component. Second stage meta-events are generated based on a number of the first stage meta-events that have a time attribute falling within a time period. An amount of time that has passed since a most-recent second stage meta-event was generated is determined, and if a threshold time period does not exceed the amount of time that has passed since the most-recent second stage meta-event was detected, a third stage meta-event is determined.

3. Expression editor (granted patent, in force)

    Publication No.: US07333999B1

    Publication date: 2008-02-19

    Application No.: US10698814

    Filing date: 2003-10-30

    Applicant: Hugh S. Njemanze

    Inventor: Hugh S. Njemanze

    IPC classes: G06F17/00

    CPC classes: G06F8/33 Y10S707/99943

    Abstract: A prefix expression tree showing an expression can be supplemented to also display the expression in infix notation. In one embodiment, the present invention includes displaying, in prefix expression tree format, an expression that is capable of representation in both infix and prefix notation. In one embodiment, the expression includes a plurality of operators and operands, and the plurality of operands make up the leaves of the expression tree. In one embodiment, the present invention further includes inserting a plurality of infix operators corresponding with the plurality of operators into the prefix expression tree, wherein the plurality of operands and infix operators represent the expression in infix notation.

7. User interface for network security console (granted patent, in force)

    Publication No.: US07607169B1

    Publication date: 2009-10-20

    Application No.: US10308418

    Filing date: 2002-12-02

    IPC classes: G06F11/00

    CPC classes: G06F11/32 H04L63/1416

    Abstract: A user interface for a network security console associated with multiple network security devices is disclosed. A graphical user interface (GUI) for use with an intrusion detection system comprises a radar display that is configured to simulate a stream of time-based events chronologically. In addition, one or more playback controls are configured to control the stream during simulation. In further embodiments, the radar display includes a slider configured to allow a user to jump to events that occurred at a user-defined time.

8. Real time monitoring and analysis of events from multiple network security devices (granted patent, in force)

    Publication No.: US07376969B1

    Publication date: 2008-05-20

    Application No.: US10308415

    Filing date: 2002-12-02

    IPC classes: G06F21/00 G06F15/16

    CPC classes: H04L63/1425 G06F21/55

    Abstract: Security events generated by a number of network devices are gathered and normalized to produce normalized security events in a common schema. The normalized security events are cross-correlated according to rules to generate meta-events. The security events may be gathered remotely from a system at which the cross-correlating is performed. Any meta-events that are generated may be reported by generating alerts for display at one or more computer consoles, or by sending an e-mail message, a pager message, a telephone message, and/or a facsimile message to an operator or other individual. In addition to reporting the meta-events, the present system allows for taking other actions specified by the rules, for example executing scripts or other programs to reconfigure one or more of the network devices, and/or to modify or update access lists, etc.

9. Method for batching events for transmission by software agent (granted patent, in force)

    Publication No.: US08613083B1

    Publication date: 2013-12-17

    Application No.: US11740203

    Filing date: 2007-04-25

    IPC classes: G06F11/00

    CPC classes: H04L63/0218 H04L63/1416

    Abstract: In one embodiment, the present invention provides for receiving security events from a network device by a distributed software agent of a network security system, determining a priority of each received security event, and storing the security events in a plurality of prioritized event buffers based on the determined priorities for a period of time determined by a timer. Upon expiration of the timer, a batch of security events for transport to a security event manager of the network security system can be created by including security events in the batch in order of priority until the batch is full.

10. Timestamp modification in a network security system (granted patent, in force)

    Publication No.: US08230512B1

    Publication date: 2012-07-24

    Application No.: US12493012

    Filing date: 2009-06-26

    Applicant: Hugh S. Njemanze

    Inventor: Hugh S. Njemanze

    IPC classes: G06F11/00

    Abstract: Clocks used by network security devices can be synchronized by a network security system. In one embodiment, the synchronization can include the network security system receiving a first stream of alerts from a first network security device having a first clock, each alert in the first stream representing an event detected by the first network security device and including a time of detection by the first network security device according to the first clock. Similarly, the network security system can receive a second stream of alerts from a second network security device having a second clock, each alert in the second stream representing an event detected by the second network security device and including a time of detection by the second network security device according to the second clock. The system can then identify a common event represented by a first alert in the first stream from the first network security device and by a second alert in the second stream from the second network security device, and then synchronize the first clock and the second clock using the common event.
