Method and system for analyzing and addressing alarms from network intrusion detection systems
Abstract
According to one embodiment of the invention, a method for analyzing and addressing alarms from network intrusion detection systems includes receiving an alarm indicating an attack on a target host may have occurred, automatically accessing the target host in response to the alarm, and identifying the presence of the attack on the target host.
107 Citations
41 Claims
1. A method for analyzing and addressing alarms from network intrusion detection systems, comprising:
receiving an alarm indicating an attack on a target host may have occurred;
automatically accessing the target host in response to the alarm; and
automatically identifying the presence of the attack on the target host.
(Dependent claims 2 to 10.)

11. A method for analyzing and addressing alarms from network intrusion detection systems, comprising:
receiving an alarm indicating an attack on a target host may have occurred;
automatically accessing a storage location in response to the alarm;
determining whether investigation data for the target host already exists in the storage location;
if the investigation data exists and the investigation data is still valid, then accessing the investigation data; and
if the investigation data does not exist or if the investigation data exists but is invalid, then:
automatically accessing the target host;
identifying the presence of the attack on the target host;
identifying whether the attack was successful; and
identifying an audit trail of the attack on the target host.
(Dependent claims 12 to 21.)

22. A system for analyzing and addressing alarms from network intrusion detection systems, comprising:
a network intrusion detection system (NIDS) operable to transmit an alarm indicating an attack on a target host may have occurred;
a software program embodied in a computer readable medium, the software program, when executed by a processor, operable to:
receive the alarm;
automatically access the target host in response to the alarm; and
automatically identify the presence of the attack on the target host.
(Dependent claims 23 to 31.)

32. A system for analyzing and addressing alarms from network intrusion detection systems, comprising:
means for receiving an alarm indicating an attack on a target host may have occurred;
means for automatically accessing the target host in response to the alarm; and
means for automatically identifying the presence of the attack on the target host.
(Dependent claims 33 to 41.)
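The workflow of claim 11, as an added Python example that is not part of the patent: a stored investigation is reused while still valid, otherwise the target host is accessed and the presence, success and audit trail of the attack are derived. The time-to-live validity rule, the constructed SSH log lines and the "Failed password" / "Accepted" indicators are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

@dataclass
class Alarm:                      # what the NIDS transmits (claim 11, first step)
    target_host: str
    source_ip: str

@dataclass
class Investigation:              # the "investigation data" held in the storage location
    host: str
    attack_present: bool
    attack_succeeded: bool
    audit_trail: List[str]
    collected_at: datetime

class InvestigationStore:
    """Storage location; a time-to-live stands in for 'still valid' (assumption)."""
    def __init__(self, ttl: timedelta):
        self.ttl, self._data = ttl, {}
    def get_valid(self, host: str, now: datetime) -> Optional[Investigation]:
        inv = self._data.get(host)
        return inv if inv and now - inv.collected_at <= self.ttl else None
    def put(self, inv: Investigation) -> None:
        self._data[inv.host] = inv

# Constructed host-side auth log lines keyed by host; a real collector would obtain
# them by accessing the target host itself.
HOST_LOGS: Dict[str, List[str]] = {
    "web01": ["10:00:01 sshd: Failed password for root from 198.51.100.7",
              "10:00:02 sshd: Failed password for root from 198.51.100.7",
              "10:00:05 sshd: Accepted password for root from 198.51.100.7",
              "10:00:09 sshd: Accepted publickey for deploy from 10.0.0.5"],
    "db01":  ["10:03:11 sshd: Failed password for admin from 198.51.100.7"],
}
T0, MINUTE = datetime(2024, 1, 1, 10, 0, 30), timedelta(minutes=1)

def investigate_host(alarm: Alarm, now: datetime) -> Investigation:
    """Access the host; derive presence, success and audit trail of the alarmed attack."""
    trail = [l for l in HOST_LOGS.get(alarm.target_host, []) if alarm.source_ip in l]
    present = any("Failed password" in l for l in trail)
    succeeded = present and any("Accepted " in l for l in trail)
    return Investigation(alarm.target_host, present, succeeded, trail, now)

def handle_alarm(alarm: Alarm, store: InvestigationStore, now: datetime) -> Tuple[Investigation, str]:
    """Claim-11 flow: reuse valid stored data, otherwise access the target host."""
    cached = store.get_valid(alarm.target_host, now)
    if cached is not None:
        return cached, "store"
    fresh = investigate_host(alarm, now)
    store.put(fresh)
    return fresh, "host"
```

The store is keyed by host exactly as the claim words it; keying also by source address would avoid reusing data gathered for a different attacker against the same host.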