METHODS AND SYSTEMS FOR ANALYZING SECURITY EVENTS
Abstract
In one aspect, the technology relates to a method for analyzing a security event in a distributed fashion. The method includes detecting an occurrence of a security event within a customer network and querying a first component of the customer network for data in response to the detected occurrence. A data monitor located within the customer network receives first data from the first component in response to the query and determines, based on the first data, whether to query for additional data. In response to that determination, at least one of the first component and another component of the customer network is queried to obtain the additional data, and the security event is analyzed using at least one of the first data and the additional data.
34 Claims
1-15. (canceled)

16. An apparatus for analyzing a security event within a customer network comprising:
(a) a data monitor, positioned within the customer network, to collect data from at least one component of the customer network in response to a query; and
(b) a security analysis module, in communication with the data monitor, to detect an occurrence of the security event, wherein the security analysis module comprises:
(b-a) a receiver for receiving data from the data monitor,
(b-b) an analyzer, in communication with the receiver, for analyzing the security event, and
(b-c) a querying module, in communication with the analyzer, for querying the data monitor for data repeatedly until the analyzer can analyze the security event using the data.
Dependent claims: 17-29.

30. An apparatus for analyzing a security event within a customer network comprising:
(a) a data monitor, positioned within the customer network, to collect data from the customer network; and
(b) a security analysis module, in communication with the data monitor, to determine an occurrence of the security event;
(c) a receiver for receiving data from the data monitor,
(d) an analyzer, positioned within the customer network, for analyzing the security event, and
(e) a querying module, in communication with the analyzer, for querying the data monitor for data repeatedly until the analyzer can analyze the security event using the data.
Dependent claims: 31-33.

34-51. (canceled)
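The query-until-sufficient loop that the abstract and claims 16 and 30 describe (data monitor inside the customer network; receiver, analyzer and querying module that keep asking for data until the analyzer can reach a verdict), written out as an added Python example. This is illustrative code written for this page, not code from the patent or from any product. The component names, the sample firewall/auth/host records, the brute-force threshold, the reverse-shell tool list and the max_rounds bound are all assumptions of the example; the bound in particular is a safeguard the claims do not state, added because "repeatedly until" with no upper limit lets a malformed event keep pulling data from the network forever.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# Constructed sample telemetry for three components of a customer network.
# Every record below is made up for this example; the page supplies no data.
COMPONENTS = {
    "firewall": [
        {"src": "203.0.113.7", "dst": "10.0.0.5", "dport": 22, "action": "allow"},
        {"src": "198.51.100.2", "dst": "10.0.0.5", "dport": 443, "action": "allow"},
    ],
    "auth": [
        {"host": "10.0.0.5", "src": "203.0.113.7", "user": "root", "result": "fail"},
        {"host": "10.0.0.5", "src": "203.0.113.7", "user": "root", "result": "fail"},
        {"host": "10.0.0.5", "src": "203.0.113.7", "user": "root", "result": "fail"},
        {"host": "10.0.0.5", "src": "203.0.113.7", "user": "admin", "result": "success"},
        {"host": "10.0.0.5", "src": "198.51.100.2", "user": "alice", "result": "success"},
    ],
    "host": [
        {"host": "10.0.0.5", "user": "admin", "proc": "bash", "parent": "sshd"},
        {"host": "10.0.0.5", "user": "admin", "proc": "nc", "parent": "bash"},
        {"host": "10.0.0.5", "user": "alice", "proc": "vim", "parent": "bash"},
    ],
}

REVERSE_SHELL_TOOLS = {"nc", "ncat", "socat"}  # assumed watch-list for the example


class DataMonitor:
    """Sits inside the customer network and answers queries against local
    components, so raw telemetry is pulled only when a query asks for it."""

    def __init__(self, components: dict[str, list[dict]]):
        self.components = components

    def query(self, component: str, **filters) -> list[dict]:
        rows = self.components.get(component, [])
        return [r for r in rows if all(r.get(k) == v for k, v in filters.items())]


@dataclass
class SecurityEvent:
    kind: str
    src: str
    dst: str


@dataclass
class Verdict:
    label: str
    evidence: dict


class Analyzer:
    """Decides whether the data collected so far suffice. Returns either a
    Verdict, or the next (component, filters) query for the querying module."""

    def assess(self, event: SecurityEvent, collected: dict) -> tuple[Optional[Verdict], Optional[tuple]]:
        if "auth" not in collected:  # stage 1: what did the event source do on the target?
            return None, ("auth", {"host": event.dst, "src": event.src})
        auth = collected["auth"]
        fails = sum(1 for r in auth if r["result"] == "fail")
        successes = [r for r in auth if r["result"] == "success"]
        if fails < 3:  # assumed threshold: fewer than 3 failures is not a brute-force pattern
            return Verdict("benign", {"failed_logins": fails}), None
        if not successes:
            return Verdict("brute_force_attempt", {"failed_logins": fails}), None
        user = successes[0]["user"]
        if "host" not in collected:  # stage 2: a success after failures; what did that account run?
            return None, ("host", {"host": event.dst, "user": user})
        tools = sorted({p["proc"] for p in collected["host"] if p["proc"] in REVERSE_SHELL_TOOLS})
        label = "compromise_likely" if tools else "brute_force_success"
        return Verdict(label, {"failed_logins": fails, "user": user, "tools": tools}), None


class SecurityAnalysisModule:
    """Receiver, analyzer and querying module in one: loops until the analyzer
    is satisfied. max_rounds is an added bound, not something the claims require."""

    def __init__(self, monitor: DataMonitor, analyzer: Analyzer, max_rounds: int = 5):
        self.monitor, self.analyzer, self.max_rounds = monitor, analyzer, max_rounds

    def handle(self, event: SecurityEvent) -> tuple[Verdict, int]:
        collected: dict[str, list[dict]] = {}
        for rounds in range(self.max_rounds):
            verdict, next_query = self.analyzer.assess(event, collected)
            if verdict is not None:
                return verdict, rounds
            component, filters = next_query
            collected[component] = self.monitor.query(component, **filters)  # receiver step
        return Verdict("inconclusive", {"rounds": self.max_rounds, "collected": sorted(collected)}), self.max_rounds


def triage(src: str, dst: str, max_rounds: int = 5) -> tuple[Verdict, int]:
    """Run one detected connection event through the loop; returns (verdict, queries issued)."""
    module = SecurityAnalysisModule(DataMonitor(COMPONENTS), Analyzer(), max_rounds)
    return module.handle(SecurityEvent("ssh_connection", src, dst))


if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.2"):
        verdict, rounds = triage(src, "10.0.0.5")
        print(f"{src}: {verdict.label} after {rounds} queries {verdict.evidence}")
```

Note what the loop never touches: the firewall component is on the network but is not queried, because the analyzer never needed it. That selectivity is the point of querying from inside the customer network rather than shipping every log stream out, and the max_rounds cut-off keeps a confused analyzer from turning that selectivity into an unbounded pull.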
Specification