System security event notification aggregation and non-repudiation
Abstract
An aggregation agent may combine and correlate information generated by multiple on-host agents and/or information generated in response to multiple security events. The aggregation agent may transmit the combined information to a security console. The security console may check the identity of the aggregation agent to determine whether to accept the information.
24 Claims
1. A method comprising:
receiving an item of security information from a security agent monitoring a host network client;
receiving an additional item of security information from a security agent monitoring the host network client;
aggregating the items of security information into a combined alert message; and
transmitting the combined alert message to a security management console.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. An article of manufacture comprising a machine accessible medium having content to provide instructions to result in a machine performing operations including:
receiving multiple security alerts indicating multiple security events on a host machine;
aggregating the security alerts to generate a security message;
signing the security message with a digital authentication; and
transmitting the signed security message to a security management console.
Dependent claims: 13, 14, 15, 16

17. An apparatus comprising:
a receiver to receive alerts from multiple host security agents, each alert destined for a console corresponding to a respective host security agent;
a transport agent coupled to the receiver to gather and cross-correlate the alerts, and prepare a single security alert message to indicate the alerts; and
a transmitter coupled to the transport agent to transmit the security alert message to the consoles over a network.
Dependent claims: 18, 19, 20, 21

22. An apparatus comprising:
a network interface circuit having an aggregation agent to join multiple security messages from a security monitor on a host machine into a single alert and sign the single alert, a receive path to receive the multiple security messages, and a transmitter coupled to a network to transmit the single alert to a network management server; and
a twisted pair cable coupled to the network interface circuit to couple the network interface circuit to a network.
Dependent claims: 23, 24
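
The aggregate, sign, and console-side identity check described in the abstract and claim 12, as an added example that is not code from the patent. The agent names, key registry, alert fields, and the use of HMAC-SHA256 as the "digital authentication" are assumptions; a shared-key HMAC authenticates the aggregation agent but does not by itself provide non-repudiation, which needs an asymmetric signature.

```python
import hashlib
import hmac
import json

# Constructed demo registry: aggregation-agent id -> shared secret (assumption).
# HMAC is a stand-in for the claim's "digital authentication"; being symmetric,
# it proves the sender holds the key but cannot give non-repudiation.
CONSOLE_KEYS = {"agg-host42": b"constructed-demo-key"}


def canonical(obj):
    """Deterministic byte encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def aggregate(agent_id, host, alerts):
    """Combine alerts from several on-host agents into one message,
    dropping exact duplicates and correlating sources by event type."""
    items = [json.loads(u) for u in sorted({canonical(a) for a in alerts})]
    by_event = {}
    for item in items:
        by_event.setdefault(item["event"], []).append(item["source"])
    return {"agent": agent_id, "host": host, "alerts": items,
            "correlated": by_event}


def sign(message, key):
    """Attach an HMAC-SHA256 tag computed over the canonical message."""
    tag = hmac.new(key, canonical(message), hashlib.sha256).hexdigest()
    return {"message": message, "tag": tag}


def console_accept(signed):
    """Console side: accept only if the claimed agent is known and the tag verifies."""
    message = signed.get("message", {})
    key = CONSOLE_KEYS.get(message.get("agent"))
    if key is None:
        return False  # unknown aggregation agent: reject before any parsing of alerts
    expected = hmac.new(key, canonical(message), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(signed.get("tag", "")))


# Constructed sample alerts from two agents on the same host (one duplicate).
SAMPLE_ALERTS = [
    {"source": "av-agent", "event": "malware-detected", "detail": "file quarantined"},
    {"source": "ids-agent", "event": "malware-detected", "detail": "outbound beacon"},
    {"source": "av-agent", "event": "malware-detected", "detail": "file quarantined"},
]
```

The console rejects a message whose alerts were altered in transit, one signed with the wrong key, and one naming an aggregation agent it has no key for.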
Specification