SECURITY EVENT DATA NORMALIZATION
Abstract
Normalizing security event data from multiple different network agents. The data from the multiple different agents is categorized and tagged with a descriptor that includes information about the nature of the event. Multiple different events from multiple different devices can therefore be evaluated using a common format which is common for the multiple different devices from different vendors.
10 Claims
1. A method, comprising:
- receiving a packet from a network security agent indicating a network event;
- converting the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and
- using the security event tag to represent the event in place of the packet.

Dependent claims: 2, 3, 4, 5

6. A system, comprising:
- A port that receives a packet from a network security agent indicating a network event;
- A processing engine operating to convert the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and
- A security monitoring system that uses the security event tag to represent the event in place of the packet.

Dependent claims: 7, 8, 9, 10
Specification