Secure auditing of information systems
Abstract
A system and method are provided for analyzing audit log data. Text strings from a plurality of devices are stored in a log database, each of the text strings being indicative of an audit event in the respective device. At least a portion of the text strings are retrieved from the log database and the retrieved text strings are parsed according to pre-defined parsing rules. Each of the retrieved text strings is mapped to a respective audit event. The retrieved text strings are mapped based on the respective audit event. Representations of the filtered text strings are displayed on a grid using color-coded areas. The horizontal axis of the grid represents a first time scale and the vertical axis of the grid represents a second time scale different from the first time scale.
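The pipeline in the abstract (retrieve, parse by rule, map to an audit event, filter, place on a two-scale time grid) can be sketched as follows. This is an added example, not code from the patent. The log lines, rule patterns, event names, and the choice of calendar day (horizontal) against hour of day (vertical) are assumptions made for illustration, and text symbols stand in for the color coding.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not from the patent), as stored text strings.
LOG_DB = [
    "2024-03-01T02:14:09 fw01 sshd: Failed password for root from 198.51.100.7",
    "2024-03-01T02:14:31 fw01 sshd: Failed password for admin from 198.51.100.7",
    "2024-03-01T09:02:00 app02 sshd: Accepted password for alice from 192.0.2.10",
    "2024-03-02T02:40:12 db03 sshd: Failed password for root from 198.51.100.7",
    "2024-03-02T14:05:55 app02 sudo: alice : COMMAND=/usr/bin/systemctl restart nginx",
    "garbage line without a timestamp",
]

# Pre-defined parsing rules: (audit event name, pattern). Names are assumptions.
HEAD = r"(?P<ts>\S+) (?P<device>\S+) "
RULES = [
    ("LOGIN_FAILURE", re.compile(HEAD + r"sshd: Failed password for (?P<user>\S+)")),
    ("LOGIN_SUCCESS", re.compile(HEAD + r"sshd: Accepted password for (?P<user>\S+)")),
    ("PRIV_COMMAND", re.compile(HEAD + r"sudo: (?P<user>\S+) : COMMAND=")),
]

def parse_and_map(line):
    """Parse one text string and map it to an audit event, or None."""
    for event, pattern in RULES:
        m = pattern.match(line)
        if m:
            try:
                ts = datetime.fromisoformat(m["ts"])
            except ValueError:
                return None  # rule matched but timestamp is unusable
            return {"event": event, "ts": ts, "device": m["device"], "user": m["user"]}
    return None

def build_grid(lines, wanted_event):
    """Filter by audit event; count per (day, hour-of-day) grid cell."""
    grid = Counter()
    for line in lines:
        rec = parse_and_map(line)
        if rec and rec["event"] == wanted_event:
            grid[(rec["ts"].date().isoformat(), rec["ts"].hour)] += 1
    return grid

def render(grid):
    """Text stand-in for colour coding: '.' none, '+' one, '#' two or more."""
    days = sorted({d for d, _ in grid})
    return [f"{h:02d} " + "".join(".+#"[min(grid[(d, h)], 2)] for d in days)
            for h in range(24)]
```

Calling `render(build_grid(LOG_DB, "LOGIN_FAILURE"))` yields one row per hour with one column per day, so the repeated 02:00 failures across both days line up in a single row.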
4 Claims
1. A method for analyzing audit log data, comprising the steps of:
- storing text strings from a plurality of devices in a log database, each of the text strings being indicative of an audit event in the respective device;
- retrieving at least a portion of the text strings from the log database;
- parsing the retrieved text strings according to pre-defined parsing rules;
- mapping each of the retrieved text strings to a respective audit event;
- filtering the retrieved text strings based on the respective audit event; and
- displaying representations of the filtered text strings on a grid using color-coded areas, the horizontal axis of the grid representing a first time scale and the vertical axis of the grid representing a second time scale different from the first time scale.

(Dependent claim: 2)

3. A method for analyzing audit log data, comprising the steps of:
- storing text strings from a plurality of devices in a log database, each of the text strings being indicative of an audit event in the respective device;
- retrieving at least a portion of the text strings from the log database;
- parsing the retrieved text strings according to pre-defined parsing rules;
- mapping each of the retrieved text strings to a respective audit event;
- filtering the retrieved text strings based on the respective audit event;
- displaying representations of the filtered text strings on a graph using lines extending between a plurality of vertical axes, each of the vertical axes representing an audit event parameter.

(Dependent claim: 4)
Specification