Pattern discovery in a network security system
Abstract
Patterns can be discovered in security events collected by a network security system. In one embodiment, the present invention includes collecting and storing security events from a variety of monitor devices. In one embodiment, a subset of the stored security events is provided to a manager as an event stream. In one embodiment, the present invention further includes the manager discovering one or more previously unknown event patterns in the event stream.
27 Claims
1. A method comprising:
   receiving an event stream comprising a plurality of security events; and
   discovering one or more previously unknown event patterns in the received event stream.
   (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A user interface for a network security system comprising:
   a rule generation tool configured to convert a selected newly identified pattern into a correlation rule in response to a user action.
   (Dependent claims: 12, 13)

14. A network security system comprising:
   an event database storing a plurality of security events; and
   a pattern discovery module to discover one or more previously unknown event patterns in an event stream, the event stream comprising a subset of the plurality of security events stored in the event database.
   (Dependent claims: 15, 16, 17, 18, 19, 20, 21)

22. A machine-readable medium having stored thereon data representing instructions that, when executed by a processor of a network security system, cause the processor to perform operations comprising:
   discovering one or more previously unknown event patterns in an event stream, the event stream comprising a selected subset of security events previously stored by the network security system.
   (Dependent claims: 23, 24, 25, 26, 27)
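As an added illustration of the system the claims describe (not code from the patent or its assignee), the following Python mines ordered event sequences shared by several sources from a constructed event stream, then converts one discovered pattern into a correlation rule in the manner of claim 11's rule generation tool. The support-counting method, the rule schema and the sample events are assumptions made for this example.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample event stream (timestamp, source, event name); not from the patent.
EVENTS = [
    (1, "10.0.0.5", "PortScan"), (2, "10.0.0.5", "LoginFailure"), (3, "10.0.0.5", "LoginSuccess"),
    (4, "10.0.0.7", "PortScan"), (5, "10.0.0.7", "LoginFailure"), (6, "10.0.0.7", "LoginSuccess"),
    (7, "10.0.0.9", "PortScan"), (8, "10.0.0.9", "LoginFailure"), (9, "10.0.0.9", "LoginSuccess"),
    (10, "10.0.0.2", "LoginSuccess"), (11, "10.0.0.2", "FileDownload"),
]

def discover_patterns(events, min_support=2, max_len=3):
    """Ordered event-name sequences (length 2..max_len) that occur, with gaps
    allowed, in the timelines of at least min_support distinct sources.
    Plain support counting; the patent does not disclose a specific algorithm."""
    timelines = defaultdict(list)
    for _ts, src, name in sorted(events):
        timelines[src].append(name)
    support = Counter()
    for names in timelines.values():
        seen = set()
        for k in range(2, max_len + 1):
            for idx in combinations(range(len(names)), k):
                seen.add(tuple(names[i] for i in idx))
        support.update(seen)  # each pattern counts once per source
    return {p: c for p, c in support.items() if c >= min_support}

def pattern_to_rule(pattern, window_seconds=600):
    """Turn a discovered pattern into a correlation rule (illustrative schema):
    one source must emit the events in this order within the window."""
    return {"name": "auto_" + "_".join(pattern).lower(), "group_by": "source",
            "sequence": list(pattern), "within_seconds": window_seconds, "action": "alert"}

def matches(rule, events):
    """Sources whose timeline contains the rule's sequence in order within the window."""
    timelines, hits = defaultdict(list), []
    for ts, src, name in sorted(events):
        timelines[src].append((ts, name))
    for src, timeline in timelines.items():
        i, start = 0, 0
        for ts, name in timeline:
            if i and ts - start > rule["within_seconds"]:
                i = 0  # window expired: restart the match
            if name == rule["sequence"][i]:
                start = ts if i == 0 else start
                i += 1
                if i == len(rule["sequence"]):
                    hits.append(src)
                    break
    return hits
```

Running `matches(pattern_to_rule(p), EVENTS)` for a pattern `p` returned by `discover_patterns` shows which sources a rule generated from that pattern would flag, which is the check an analyst would want before promoting a discovered pattern to a live correlation rule.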