Computer network security data management system and method
Abstract
A software based system for compiling security data from an information network includes at least two network components, each providing data. A data parser is coupled to certain of the network's components. The data parser has access to two parser scripts that correspond to the network's component data. Categorized data is produced by applying the parser scripts to the data received from the network's components.
28 Claims
1. A method for compiling data constructs each corresponding to the structure of security data received from a network component comprising the steps of:
(a) identifying sets of data categories, each set corresponding to security data received from one of a plurality of network components;
(b) constructing database record definitions, each defining a record subdivided in accordance with one of the sets of data categories;
(c) receiving security data from the network components and output records, each record corresponding to one of the data constructs; and
(d) storing the data constructs.
Dependent claims: 2, 3, 4, 5, 6.

7. An information network security data compilation system, comprising:
(a) a first network component;
(b) a second network component; and
(c) a data interface coupled to the first and second network components having access to a first data construct and a second data construct, the data interface being operable to produce categorized data from the data received from the first and second network components, the data interface operating with the first and second data constructs, respectively.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.

19-26. (canceled)

27. A method of compiling network security data comprising the steps of:
(a) collecting security data from a plurality of network components, the plurality of network components including at least a firewall and an intrusion detection system, and one of the network components is programmable by software and an information technology agent communicates with the software to collect the security data;
(b) accessing a plurality of different data constructs, each construct corresponding to a network component;
(c) applying the plurality of different data constructs to the security data to produce categorized and formatted data;
(d) storing the categorized and formatted data;
(e) transmitting the categorized and formatted data to a relational database;
(f) providing a user interface for submitting queries to the relational database;
(g) displaying the categorized and formatted data, or a subset thereof, in accordance with submitted queries;
(e) comparing the categorized and formatted data to at least one predetermined event definition; and
(f) generating a signal if the data matches at least one event definitions.
Dependent claim: 28.
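
The flow recited in claim 27, as an added illustration that is not taken from the patent or its specification: one data construct per component type is applied to raw firewall and IDS lines, the categorized records are stored in a relational database, and a query is compared against an event definition to produce a signal. The log formats, field names, table layout and event definition are assumptions made for the example.

```python
import re
import sqlite3

# Assumed data constructs: one per component type; named groups are the data categories.
CONSTRUCTS = {
    "firewall": re.compile(
        r"(?P<ts>\S+) (?P<verdict>ALLOW|DENY) (?P<proto>\w+) "
        r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"),
    "ids": re.compile(
        r"(?P<ts>\S+) \[sig:(?P<sig>\d+)\] prio=(?P<prio>\d) "
        r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+) (?P<msg>.+)$"),
}

# Constructed sample input (documentation address ranges), not real logs.
RAW = [
    ("firewall", "2024-05-01T10:00:01Z DENY tcp 203.0.113.7:50522 -> 192.0.2.10:22"),
    ("firewall", "2024-05-01T10:00:02Z ALLOW tcp 198.51.100.4:41000 -> 192.0.2.10:443"),
    ("ids", "2024-05-01T10:00:03Z [sig:1001] prio=1 203.0.113.7 -> 192.0.2.10 SSH brute force attempt"),
    ("ids", "corrupted line with no structure"),
]

def compile_records(raw, db):
    """Apply each component's construct and store one table per record definition."""
    rejected = []
    for component, pattern in CONSTRUCTS.items():
        # Table and column names come only from the fixed CONSTRUCTS dict, never from log data.
        cols = ", ".join(pattern.groupindex)
        db.execute(f"CREATE TABLE IF NOT EXISTS {component} ({cols})")
    for component, line in raw:
        m = CONSTRUCTS[component].match(line)
        if m is None:  # keep unparsed input visible instead of silently dropping it
            rejected.append((component, line))
            continue
        fields = m.groupdict()
        marks = ", ".join("?" * len(fields))
        db.execute(f"INSERT INTO {component} VALUES ({marks})", tuple(fields.values()))
    return rejected

# Assumed event definition: a source denied by the firewall and flagged by the IDS at priority 1.
EVENT_SQL = """SELECT DISTINCT f.src FROM firewall f JOIN ids i ON i.src = f.src
               WHERE f.verdict = 'DENY' AND i.prio = '1'"""

def signals(db):
    """Return the sources that match the event definition."""
    return [row[0] for row in db.execute(EVENT_SQL)]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print("rejected:", compile_records(RAW, db))
    print("signal for:", signals(db))
```

Lines that match no construct are returned rather than discarded, so a format change on a component shows up as a growing reject list instead of a silent gap in the database.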