Systems and methods for minimizing security logs

US 20050273673A1
Filed: 05/19/2005
Published: 12/08/2005
Est. Priority Date: 05/19/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for consolidating a computer security log, comprising:

providing a security log including information pertaining to security events on a computer system, the log including entries specifying at least information identifying a relative time each event occurred and information identifying a type of each event;

determining from the log a number of times a particular type of event occurred during a specified time period; and

creating a consolidated log including for each entry at least information identifying a first time that the particular type of event occurred during the specified time period, information identifying the type of the particular event and information indicating a number of times the particular type of event occurred during the specified time period.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for consolidating a computer security log includes providing a security log including information pertaining to security events on a computer system, the log including entries specifying at least information identifying a relative time each event occurred and information identifying a type of each event, determining from the log a number of times a particular type of event occurred during a specified time period and creating a consolidated log including for each entry at least information identifying a first time that the particular type of event occurred during the specified time period, information identifying the type of the particular event and information indicating a number of times the particular type of event occurred during the specified time period.

42 Citations

View as Search Results

21 Claims

1. A method for consolidating a computer security log, comprising:
- providing a security log including information pertaining to security events on a computer system, the log including entries specifying at least information identifying a relative time each event occurred and information identifying a type of each event;
  
  determining from the log a number of times a particular type of event occurred during a specified time period; and
  
  creating a consolidated log including for each entry at least information identifying a first time that the particular type of event occurred during the specified time period, information identifying the type of the particular event and information indicating a number of times the particular type of event occurred during the specified time period.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1, wherein the security events comprise intrusion attempts to the computer system.
  - 3. A method as recited in claim 1, further comprising detecting intrusion detection signatures on the computer system and generating the security log based thereon.
  - 4. A method as recited in claim 3, wherein the intrusion detection signatures comprise patterns in electronic traffic on the computer system.
  - 5. A method as recited in claim 4, wherein the computer system comprises a computer network and the intrusion detection signatures comprise patterns in network traffic.
  - 6. A method as recited in claim 4, wherein the computer system comprises a host computer and the intrusion detection signatures comprise unauthorized access attempts thereto.
  - 7. A method as recited in claim 4, wherein the computer system comprises a plurality of networked host computer systems, the intrusion detection signatures comprise unauthorized access attempts to the host computer systems and wherein the security logs of a plurality of the networked host computer systems are consolidated on one of the networked host computer systems.

8. A programmed computer for consolidating at least one computer security log, comprising:
- a system for providing a security log including information pertaining to security events on a computer system, the log including entries specifying at least information identifying a relative time each event occurred and information identifying a type of each event;
  
  a system for determining from the log a number of times a particular type of event occurred during a specified time period; and
  
  a system for creating a consolidated log including for each entry at least information identifying a first time that the particular type of event occurred during the specified time period, information identifying the type of the particular event and information indicating a number of times the particular type of event occurred during the specified time period.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A programmed computer as recited in claim 8, wherein the security events comprise intrusion attempts to the computer system.
  - 10. A programmed computer as recited in claim 8, further comprising detecting intrusion detection signatures on the computer system and generating the security log based thereon.
  - 11. A programmed computer as recited in claim 10, wherein the intrusion detection signatures comprise patterns in electronic traffic on the computer system.
  - 12. A programmed computer as recited in claim 11, wherein the computer system comprises a computer network and the intrusion detection signatures comprise patterns in network traffic.
  - 13. A programmed computer as recited in claim 11, wherein the computer system comprises a host computer and the intrusion detection signatures comprise unauthorized access attempts thereto.
  - 14. A programmed computer as recited in claim 11, wherein the computer system comprises a plurality of networked host computer systems, the intrusion detection signatures comprise unauthorized access attempts to the host computer systems and wherein the security logs of a plurality of the networked host computer systems are consolidated on said programmed computer.

15. A computer recording medium including computer executable code for consolidating a computer security log, comprising:
- code for providing a security log including information pertaining to security events on a computer system, the log including entries specifying at least information identifying a relative time each event occurred and information identifying a type of each event;
  
  code for determining from the log a number of times a particular type of event occurred during a specified time period; and
  
  code for creating a consolidated log including for each entry at least information identifying a first time that the particular type of event occurred during the specified time period, information identifying the type of the particular event and information indicating a number of times the particular type of event occurred during the specified time period.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. A computer recording medium as recited in claim 15, wherein the security events comprise intrusion attempts to the computer system.
  - 17. A computer recording medium as recited in claim 15, further comprising code for detecting intrusion detection signatures on the computer system and generating the security log based thereon.
  - 18. A computer recording medium as recited in claim 17, wherein the intrusion detection signatures comprise patterns in electronic traffic on the computer system.
  - 19. A computer recording medium as recited in claim 18, wherein the computer system comprises a computer network and the intrusion detection signatures comprise patterns in network traffic.
  - 20. A computer recording medium as recited in claim 18, wherein the computer system comprises a host computer and the intrusion detection signatures comprise unauthorized access attempts thereto.
  - 21. A computer recording medium as recited in claim 18, wherein the computer system comprises a plurality of networked host computer systems, the intrusion detection signatures comprise unauthorized access attempts to the host computer systems and wherein the security logs of a plurality of the networked host computer systems are consolidated on one of the networked host computer systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Gassoway, Paul

Application Number

US11/132,645
Publication Number

US 20050273673A1
Time in Patent Office

Days
Field of Search
US Class Current

714/45
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2101   Auditing as a secondary aspect

H04L 43/00   Arrangements for monitoring...

H04L 63/1425   Traffic logging, e.g. anoma...

Systems and methods for minimizing security logs

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for minimizing security logs

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links