Apparatus and method for network analysis
Abstract
A system for and method of extracting information from multiple sessions of disparate protocols into a common language is disclosed. A method of creating a record conforming to an event-based language is also disclosed. A system configured to create a record conforming to an event-based language is also disclosed.
25 Claims
1. A method of parsing sessions in disparate protocols into a common language comprising the steps of:
- receiving sessions in disparate protocols;
- parsing the sessions in disparate protocols into sessions of a common language; and
- communicating the common-language sessions to an analyzer.
Dependent claims: 2, 3, 4, 5

6. A system for parsing sessions in disparate protocols into a common language comprising:
- a parser director;
- parsers; and
- an analyzer, wherein the parser director is configured to direct a session of a particular protocol to a parser configured to parse sessions of the particular protocol, wherein each of the parsers is configured to parse sessions of a particular protocol into sessions of a common language, and wherein the analyzer is configured to analyze the common-language sessions.
Dependent claims: 7

8. A method of extracting information from a session to create a record conforming to an event-based language comprising the steps of:
- receiving a session;
- extracting information from the session;
- translating the information into an event statement describing an event between a first entity and a second entity; and
- creating a record containing the event statement.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25

23. An event-based language for use in network security comprising:
- a session statement configured to describe a session of which an event is a part;
- an event statement configured to describe the event through an action between a first entity and a second entity using an application; and
- a properties statement configured to describe properties of the event.

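The arrangement recited in claims 6 and 23, as an added illustration that is not code from the patent: a parser director routes sessions to per-protocol parsers, each emits a record with session, event and properties statements, and one analyzer rule runs over the common records. The record field names, the sample sessions and the analyzer rule are assumptions; the claims define no concrete syntax.

```python
import re

# Constructed sample sessions (not from the patent): protocol tag plus raw payload.
SESSIONS = [
    {"id": "s1", "proto": "http", "src": "10.0.0.5", "dst": "10.0.0.80",
     "raw": "GET /admin/login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
    {"id": "s2", "proto": "smtp", "src": "10.0.0.5", "dst": "10.0.0.25",
     "raw": "HELO ws5\r\nMAIL FROM:<alice@example.com>\r\nRCPT TO:<bob@example.org>\r\n"},
    {"id": "s3", "proto": "gopher", "src": "10.0.0.9", "dst": "10.0.0.70", "raw": "/\r\n"},
]

def record(sess, action, application, props):
    # Common-language record: session, event and properties statements (assumed layout).
    return {"session": {"id": sess["id"], "protocol": sess["proto"]},
            "event": {"first_entity": sess["src"], "action": action,
                      "second_entity": sess["dst"], "application": application},
            "properties": props}

def parse_http(sess):
    m = re.match(r"(\w+) (\S+) HTTP/\d\.\d\r\n", sess["raw"])
    if not m:
        return None
    host = re.search(r"\r\nHost: ([^\r\n]*)", sess["raw"])
    return record(sess, m.group(1).lower(), "web",
                  {"resource": m.group(2), "host": host.group(1) if host else None})

def parse_smtp(sess):
    sender = re.search(r"MAIL FROM:<([^>]*)>", sess["raw"], re.I)
    rcpts = re.findall(r"RCPT TO:<([^>]*)>", sess["raw"], re.I)
    if not sender or not rcpts:
        return None
    return record(sess, "send", "mail", {"sender": sender.group(1), "recipients": rcpts})

PARSERS = {"http": parse_http, "smtp": parse_smtp}

def parser_director(sessions):
    # Route each session to its protocol parser; collect ids nothing could parse.
    records, unparsed = [], []
    for sess in sessions:
        parser = PARSERS.get(sess["proto"])
        rec = parser(sess) if parser else None
        (records if rec else unparsed).append(rec or sess["id"])
    return records, unparsed

def analyzer(records):
    # Protocol-agnostic rule: first entities seen using more than one application.
    apps = {}
    for r in records:
        apps.setdefault(r["event"]["first_entity"], set()).add(r["event"]["application"])
    return {e: sorted(a) for e, a in apps.items() if len(a) > 1}
```

The analyzer never touches raw HTTP or SMTP; sessions with no matching parser are reported separately so coverage gaps stay visible.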
Specification