Event integration frameworks
First Claim
1. A computer-implemented method, comprising:
- by an event integration tool (“EIT”) implemented by computing hardware and configured to integrate information from a compliance and configuration control (“CCC”) tool with a security information and event management (“SIEM”) or logging tool, thereby providing a flexible output mechanism that allows a user or support engineer to customize the output from the CCC tool;
- reading, by the EIT, output format configuration data defining a user-selected output format selected from multiple output formats;
- inputting, by the EIT, first compliance data parsed from a compliance report generated by the CCC tool, the first compliance data indicating compliance results for one or more nodes in an information technology (“IT”) network relative to one or more compliance policies at a first time period;
- determining, by the EIT, a compliance trend for the one or more nodes in the IT network by comparing the first compliance data to second compliance data from a previous compliance report, the second compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and
- conditionally generating, by the EIT, an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period.
Abstract
Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from a compliance and configuration control (“CCC”) tool and generating information for a security information and event management (“SIEM”) tool based on the information from the CCC tool. For example, in one exemplary embodiment, information from a CCC tool is transferred to a SIEM tool or logging tool by receiving the information from the CCC tool in a format that is not recognized by the SIEM tool or logging tool, and generating an output message in a message format that is recognized by the SIEM tool or logging tool. In particular embodiments, the message format is a customizable message format that is adaptable to multiple different SIEM tools or logging tools. In further embodiments, the data transferred to the SIEM tool comprises data indicative of compliance policy changes.
12 Claims
- 1. A computer-implemented method, comprising: by an event integration tool (“EIT”) implemented by computing hardware and configured to integrate information from a compliance and configuration control (“CCC”) tool with a security information and event management (“SIEM”) or logging tool, thereby providing a flexible output mechanism that allows a user or support engineer to customize the output from the CCC tool; reading, by the EIT, output format configuration data defining a user-selected output format selected from multiple output formats; inputting, by the EIT, first compliance data parsed from a compliance report generated by the CCC tool, the first compliance data indicating compliance results for one or more nodes in an information technology (“IT”) network relative to one or more compliance policies at a first time period; determining, by the EIT, a compliance trend for the one or more nodes in the IT network by comparing the first compliance data to second compliance data from a previous compliance report, the second compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and conditionally generating, by the EIT, an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period. - View Dependent Claims (2, 3, 4)
- 5. One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to perform a method for integrating information from a compliance and configuration control (“CCC”) tool with a security information and event management (“SIEM”) or logging tool using an event integration tool that provides a flexible output mechanism allowing a user or support engineer to customize the output from the CCC tool, the method comprising: reading output format configuration data defining a user-selected output format; inputting compliance data parsed from a compliance report generated by the CCC tool, the compliance data indicating compliance results for one or more nodes in an information technology (“IT”) network relative to one or more compliance policies at a first time period; determining a compliance trend for one or more nodes in the IT network by comparing the compliance data to compliance data from a previous compliance report, the compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and conditionally generating an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period. - View Dependent Claims (6, 7, 8)
- 9. A system, comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions which when executed by the one or more processors cause the one or more processors to perform a method for integrating information from a compliance and configuration control (“CCC”) tool with a security information and event management (“SIEM”) or logging tool using an event integration tool that provides a flexible output mechanism allowing a user or support engineer to customize the output from the CCC tool, comprising: reading output format configuration data defining a user-selected output format; inputting compliance data parsed from a compliance report generated by the CCC tool, the compliance data indicating compliance results for one or more nodes in an information technology (“IT”) network relative to one or more compliance policies at a first time period; determining a compliance trend for one or more nodes in the IT network by comparing the compliance data to compliance data from a previous compliance report, the compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and conditionally generating an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period. - View Dependent Claims (10, 11, 12)
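The independent claims above all describe the same pipeline: read a configured output format, parse the current CCC compliance report, compare it against the previous report to derive a per-node compliance trend, and emit a SIEM/logging message only when a node has become less compliant and the conditional reporting mode is selected. The Python below is an added illustration of that pipeline, not code from the patent, its assignee, or any CCC or SIEM product. The report layout, node names, policy identifiers, the configuration keys `output_format` and `mode`, and the three output formats (`json`, `kv`, and a CEF-style line) are all constructed for this example; the patent only requires that the format be user-selectable. The `always` mode, which reports every node regardless of trend, goes beyond the claim's conditional-mode limitation and is included to show the two modes side by side.

```python
import json
from typing import Dict, List

# Constructed sample compliance reports (not from the patent text): one report
# per time period, mapping each node to per-policy pass/fail results.
PREVIOUS_REPORT = {
    "period": "2024-05-01",
    "nodes": {
        "web-01": {"CIS-1.1": "pass", "CIS-1.2": "pass", "CIS-2.3": "fail"},
        "db-01": {"CIS-1.1": "pass", "CIS-1.2": "pass", "CIS-2.3": "pass"},
    },
}
CURRENT_REPORT = {
    "period": "2024-05-02",
    "nodes": {
        "web-01": {"CIS-1.1": "pass", "CIS-1.2": "fail", "CIS-2.3": "fail"},  # regressed
        "db-01": {"CIS-1.1": "pass", "CIS-1.2": "pass", "CIS-2.3": "pass"},  # unchanged
    },
}


def parse_report(report: dict) -> Dict[str, int]:
    """Reduce a CCC report to the number of failing policies per node."""
    return {
        node: sum(1 for result in results.values() if result != "pass")
        for node, results in report["nodes"].items()
    }


def compliance_trend(current: Dict[str, int], previous: Dict[str, int]) -> Dict[str, str]:
    """Classify each node's trend between the previous and current periods."""
    trend = {}
    for node, fails in current.items():
        if node not in previous:
            trend[node] = "new"  # no earlier data point to compare against
        elif fails > previous[node]:
            trend[node] = "less_compliant"
        elif fails < previous[node]:
            trend[node] = "more_compliant"
        else:
            trend[node] = "unchanged"
    return trend


# User-selectable output formats. Names and templates are constructed here; the
# CEF-style line uses a placeholder vendor/product header, not a real product's.
FORMATTERS = {
    "json": lambda e: json.dumps(e, sort_keys=True),
    "kv": lambda e: " ".join(f"{k}={v}" for k, v in sorted(e.items())),
    "cef": lambda e: (
        "CEF:0|ExampleVendor|EIT|1.0|compliance_trend|Compliance trend|"
        f"{5 if e['trend'] == 'less_compliant' else 1}|"
        f"dvchost={e['node']} cs1={e['trend']} cn1={e['failed_policies']}"
    ),
}


def generate_messages(config: dict, current_report: dict, previous_report: dict) -> List[str]:
    """Emit one SIEM/logging message per node that warrants reporting.

    config["output_format"] selects a formatter. config["mode"] is either
    "conditional" (report only nodes that became less compliant, as in the
    claim) or "always" (report every node; an added generalisation).
    """
    fmt = FORMATTERS[config["output_format"]]
    conditional = config.get("mode", "conditional") == "conditional"
    current = parse_report(current_report)
    previous = parse_report(previous_report)
    trend = compliance_trend(current, previous)
    messages = []
    for node in sorted(current):
        if conditional and trend[node] != "less_compliant":
            continue  # condition (a) and (b) of the claim not both satisfied
        event = {
            "node": node,
            "period": current_report["period"],
            "previous_period": previous_report["period"],
            "failed_policies": current[node],
            "previous_failed_policies": previous.get(node),
            "trend": trend[node],
        }
        messages.append(fmt(event))
    return messages


if __name__ == "__main__":
    cfg = {"output_format": "kv", "mode": "conditional"}
    for line in generate_messages(cfg, CURRENT_REPORT, PREVIOUS_REPORT):
        print(line)
```

With the constructed data, conditional mode yields a single `kv` line for `web-01` (one more failing policy than the day before) and nothing for `db-01`; switching `mode` to `always` yields one line per node, and running the comparison with the reports swapped (an improvement) yields nothing in conditional mode.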
Specification