SECURITY EVENT DATA NORMALIZATION

US 20090276843A1
Filed: 04/06/2009
Published: 11/05/2009
Est. Priority Date: 06/08/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a packet from a network security agent indicating a network event;

converting the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and

using the security event tag to represent the event in place of the packet.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Normalizing security event data from multiple different network agents. The data from the multiple different agents is categorized and tagged with a descriptor that includes information about the nature of the event. Multiple different events from multiple different devices can therefore be evaluated using a common format which is common for the multiple different devices from different vendors.

56 Citations

View as Search Results

10 Claims

1. A method, comprising:
- receiving a packet from a network security agent indicating a network event;
  
  converting the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and
  
  using the security event tag to represent the event in place of the packet.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as in claim 1, further comprising determining if the packet is from a registered device.
  - 3. A method as in claim 1, wherein the network security agent is one of a firewall, a network intrusion system, a router, or a virtual private network.
  - 4. A method as in claim 1, wherein the security event tag has common fields for the same event from different agents.
  - 5. A method as in claim 1, wherein the security event tag represents at least an IP address, at least one port, and at least one signature identifier.

6. A system, comprising:
- A port that receives a packet from a network security agent indicating a network event;
  
  A processing engine operating to convert the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and
  
  A security monitoring system that uses the security event tag to represent the event in place of the packet.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A system as in claim 6, further comprising the network security agent.
  - 8. A system as in claim 7, wherein said network security agent is one of a firewall, a network intrusion system, a router, or a virtual private network.
  - 9. A method as in claim 6, wherein the security event tag has common fields for the same event from different agents.
  - 10. A method as in claim 9, wherein the security event tag represents at least an IP address, at least one port, and at least one signature identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LOG Storm Security, Inc.
Original Assignee
LOG Storm Security, Inc.
Inventors
PATEL, RAJESH

Granted Patent

US 9,060,024 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 41/0226   Mapping or translating mult...

H04L 41/069   using logs of notifications...

H04L 43/00   Arrangements for monitoring...

H04L 63/20   for managing network securi...

H04L 67/565   Conversion or adaptation of...

SECURITY EVENT DATA NORMALIZATION

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY EVENT DATA NORMALIZATION

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links