Real-time user awareness for a computer network

US 20080276319A1
Filed: 04/29/2008
Published: 11/06/2008
Est. Priority Date: 04/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer system, for determining a user name likely to be associated with an attack, a configuration, or a vulnerability, comprising:

obtaining first data which associates user names with individual IP addresses onto which the user names were logged in;

obtaining second data which associates attacks, configurations, or vulnerabilities with individual IP addresses on which the attacks occurred or on which the configurations or vulnerabilities exist; and

associating the user names from the first data with the attacks, configurations or vulnerabilities from the second data based on having the same IP address during a log-in,wherein an individual user name is indicated as being associated with attacks which occurred while the individual user name was logged in or with configurations or vulnerabilities for an IP address onto which the user logs in.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system, device, computer software, and/or method performed by a computer system, is provided for determining a user name likely to be associated with an attack, a configuration, or a vulnerability. First data is obtained which associates user names with individual IP addresses onto which the user names were logged in. Second data is obtained which associates attacks, configurations, or vulnerabilities with individual IP addresses on which the attacks occurred or on which the configurations or vulnerabilities exist. The user names from the first data are associated with the attacks, configurations or vulnerabilities from the second data based on having the same IP address during a log-in. An individual user name is indicated as being associated with attacks which occurred while the individual user name was logged in or with configurations or vulnerabilities for an IP address onto which the user logs in.

141 Citations

View as Search Results

20 Claims

1. A method performed by a computer system, for determining a user name likely to be associated with an attack, a configuration, or a vulnerability, comprising:
- obtaining first data which associates user names with individual IP addresses onto which the user names were logged in;
  
  obtaining second data which associates attacks, configurations, or vulnerabilities with individual IP addresses on which the attacks occurred or on which the configurations or vulnerabilities exist; and
  
  associating the user names from the first data with the attacks, configurations or vulnerabilities from the second data based on having the same IP address during a log-in,wherein an individual user name is indicated as being associated with attacks which occurred while the individual user name was logged in or with configurations or vulnerabilities for an IP address onto which the user logs in.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising displaying a list of attacks, configurations or vulnerabilities and respective user names individually associated therewith.
  - 3. The method according to claim 1, further comprising deriving vulnerabilities for the configurations from the second data, and displaying a list of configurations which have the derived vulnerabilities and respective user names individually associated therewith.
  - 4. The method according to claim 1, further comprising querying for respective real names of the user names, and providing the respective real names and attacks, configurations or vulnerabilities individually associated therewith.
  - 5. The method according to claim 1, wherein the user name is determined to be no longer associated with the IP address if there is another log-in on the IP address.
  - 6. The method according to claim 1, wherein the user name includes an e-mail address or an IM (instant message) address.
  - 7. The method according to claim 1, further comprising writing rules for a compliance policy or remediation system based on the user name.

8. A computer-readable medium comprising instructions being executed by a computer, the instructions including a computer-implemented method for determining a user name likely to be associated with an attack, a configuration, or a vulnerability, the instructions for implementing:
- obtaining first data which associates user names with individual IP addresses onto which the user names were logged in;
  
  obtaining second data which associates attacks, configurations or vulnerabilities with individual IP addresses on which the attacks occurred or on which the configurations or vulnerabilities exist; and
  
  associating the user names from the first data with the attacks, configurations or vulnerabilities from the second data based on having the same IP address during a log-in,wherein an individual user name is indicated as being associated with attacks which occurred while the individual user name was logged in and with configurations or vulnerabilities for an IP address onto which the user logs in.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable medium according to claim 8, further comprising instructions for displaying a list of attacks, configurations or vulnerabilities and respective user names individually associated therewith.
  - 10. The computer-readable medium according to claim 8, further comprising instructions for deriving vulnerabilities for the configurations from the second data, and displaying a list of configurations which have the derived vulnerabilities and respective user names individually associated therewith.
  - 11. The computer-readable medium according to claim 8, further comprising instructions for querying for respective real names of the user names, and providing the respective real names and attacks, configurations or vulnerabilities individually associated therewith.
  - 12. The computer-readable medium according to claim 8, wherein the user name is determined to be no longer associated with the IP address if there is another log-in on the IP address.
  - 13. The computer-readable medium according to claim 8, wherein the user name includes an e-mail address or an IM (instant message) address.
  - 14. The computer-readable medium according to claim 8, further comprising instructions for writing rules for a compliance engine or remediation system based on the user name.

15. A computer system for determining a user name likely to be associated with an attack, a configuration, or a vulnerability, comprising:
- a display operable to receive screens to be displayed to a user, anda processor cooperatively operable with the memory and the display, and configured to facilitate;
  
  obtaining first data which associates user names with individual IP addresses onto which the user names were logged in;
  
  obtaining second data which associates attacks, configurations or vulnerabilities with individual IP addresses on which the attacks occurred or on which the configurations or vulnerabilities exist; and
  
  associating the user names from the first data with the attacks, configurations or vulnerabilities from the second data based on having the same IP address during a log-in,wherein an individual user name is indicated in a screen to be displayed to a user as being associated with attacks which occurred while the individual user name was logged in and with configurations or vulnerabilities for an IP address onto which the user logs in.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system according to claim 15, wherein the processor is further configured to display, on the display, a list of attacks, configurations or vulnerabilities and respective user names individually associated therewith.
  - 17. The computer system according to claim 15, wherein the processor is further configured to derive vulnerabilities for the configurations from the second data, and to display a list of configurations which have the derived vulnerabilities and respective user names individually associated therewith
  - 18. The computer system according to claim 15, wherein the processor is further configured to query for respective real names of the user names, and providing the respective real names and attacks, configurations or vulnerabilities individually associated therewith.
  - 19. The computer system according to claim 15, wherein the processor is further configured to determine that the user name is no longer associated with the IP address if there is another log-in on the IP address.
  - 20. The computer system according to claim 15, wherein the user name includes an e-mail address or an IM (instant message) address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Sourcefire Incorporated (Cisco Systems, Inc.)
Inventors
Rittermann, Brian

Granted Patent

US 8,127,353 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Real-time user awareness for a computer network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Real-time user awareness for a computer network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others