Event monitoring and management
Abstract
Described are techniques used in monitoring the performance, security and health of a system used in an industrial application. Agents included in the industrial network report data to an appliance or server. The appliance stores the data and determines when an alarm condition has occurred. Notifications are sent upon detecting an alarm condition. The alarm thresholds may be user defined. A threat thermostat controller determines a threat level used to control the connectivity of a network used in the industrial application.
121 Claims
1-24. (canceled)
25. A method of event reporting by an agent comprising:
    receiving data;
    determining if said data indicates a first occurrence of an event of interest associated with a metric since a previous periodic reporting;
    reporting said first occurrence of an event if said determining determines said data indicates said first occurrence; and
    reporting a summary including said metric in a periodic report at a first point in time.
Dependent claims: 26-41, 51.
42. A method of event reporting by an agent comprising:
    receiving data;
    determining if said data corresponds to an event of interest associated with at least one security metric; and
    sending a report to a reporting destination, said report including said at least one security metric for a fixed time interval, wherein said report is sent from said agent communicating data at an application level to said reporting destination using a one-way communication connection.
Dependent claims: 43, 44.
45. A method of event reporting by an agent comprising:
    receiving data;
    determining if said data indicates a security event of interest; and
    reporting a summary including information on a plurality of occurrences of said security event of interest occurring within a fixed time interval, said summary being sent at a predetermined time interval.
Dependent claims: 46-50.
52. A computer program product for event reporting by an agent comprising code that:
    receives data;
    determines if said data indicates a first occurrence of an event of interest associated with a metric since a previous periodic reporting;
    reports said first occurrence of an event if said code that determines that said data indicates said first occurrence; and
    reports a summary including said metric in a periodic report at a first point in time.
Dependent claims: 53-68, 78.
69. A computer program product for event reporting by an agent comprising code that:
    receives data;
    determines if said data corresponds to an event of interest associated with at least one security metric; and
    sends a report to a reporting destination, said report including said at least one security metric for a fixed time interval, wherein said report is sent from said agent communicating data at an application level to said reporting destination using a one-way communication connection.
Dependent claims: 70, 71.
72. A computer program product for event reporting by an agent comprising code that:
    receives data;
    determines if said data indicates a security event of interest; and
    reports a summary including information on a plurality of occurrences of said security event of interest occurring within a fixed time interval, said summary being sent at a predetermined time interval.
Dependent claims: 73-77.
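The agent-side behaviour claimed above (report an event of interest at once only the first time it is seen since the last periodic report, then send a summary of all occurrences at a fixed interval over a one-way link) as an added illustration; this is not the patent's code, and the class, attribute names, the 60 s period and the observation data are assumptions constructed for the example. The summary also carries the dominant source/target pair and its share of the period's events.

```python
from collections import Counter

class ReportingAgent:
    """Agent-side reporting as the claims above describe (added example, not the
    patent's code; class and attribute names are assumptions made here)."""

    def __init__(self, period, sink):
        self.period = period        # fixed reporting interval, seconds
        self.sink = sink            # list standing in for the one-way link to the appliance
        self.period_start = 0
        self.counts = Counter()     # occurrences per metric since the last summary
        self.pairs = Counter()      # (source, target) pairs seen this period

    def observe(self, ts, metric, source=None, target=None):
        """Feed one observation; timestamps must be non-decreasing."""
        self._close_elapsed_periods(ts)
        first = self.counts[metric] == 0   # first sighting since the last summary?
        self.counts[metric] += 1
        if source and target:
            self.pairs[(source, target)] += 1
        if first:                          # only the first occurrence is reported at once
            self.sink.append({"type": "first", "ts": ts, "metric": metric})

    def _close_elapsed_periods(self, ts):
        while ts >= self.period_start + self.period:   # a summary is due per period, quiet or not
            self.flush(self.period_start + self.period)

    def flush(self, ts):
        """Send the periodic summary (counts plus the dominant source/target share) and reset."""
        summary = {"type": "summary", "ts": ts, "metrics": dict(self.counts)}
        if self.pairs:
            (src, dst), n = self.pairs.most_common(1)[0]
            summary["top_pair"] = (src, dst, round(100 * n / sum(self.pairs.values())))
        self.sink.append(summary)
        self.counts.clear(); self.pairs.clear()
        self.period_start = ts

def run_sample():
    """Constructed observations (timestamp, metric, source, target); 60 s period."""
    agent = ReportingAgent(period=60, sink=[])
    for ts, metric, src, dst in [
        (5, "failed_login", "10.0.0.5", "plc-1"),
        (20, "port_scan", "10.0.0.9", "hmi-2"),
        (40, "failed_login", "10.0.0.5", "plc-1"),
        (75, "failed_login", "10.0.0.7", "plc-1"),
    ]:
        agent.observe(ts, metric, src, dst)
    agent.flush(120)                # close the second period explicitly
    return agent.sink
```

Note that the second failed_login at t=40 produces no immediate report, while the one at t=75 does, because the period boundary at t=60 reset the "first occurrence" state.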
79. A method of event notification comprising:
    receiving a first report of a condition;
    sending a first notification message about said first report of said condition;
    sending a second notification message about said condition at a first notification interval;
    receiving subsequent reports at fixed time intervals; and
    sending a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval.
Dependent claims: 80-89.
90. A method of event notification comprising:
    receiving a first report of a condition at a reporting destination; and
    sending a notification message from said reporting destination to a notification destination, said notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of:
        a source and a target associated with an attack occurring within said fixed time interval, and
        a percentage of events associated with said at least one of said source and said target.
Dependent claims: 91-93.
94. A method of event notification comprising:
    receiving a report of a potential cyber-attack condition at fixed time intervals; and
    sending a notification message about said conditions when said conditions exceed a notification threshold.
Dependent claims: 95-99.
100. A computer program product for event notification comprising code that:
    receives a first report of a condition;
    sends a first notification message about said first report of said condition;
    sends a second notification message about said condition at a first notification interval;
    receives subsequent reports at fixed time intervals; and
    sends a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval.
Dependent claims: 101-110.
111. A computer program product for event notification comprising code that:
    receives a first report of a condition at a reporting destination; and
    sends a notification message from said reporting destination to a notification destination, said notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of:
        a source and a target associated with an attack occurring within said fixed time interval, and
        a percentage of events associated with said at least one of said source and said target.
Dependent claims: 112-114.
115. A computer program product for event notification comprising code that:
    receives a report of a potential cyber-attack condition at fixed time intervals; and
    sends a notification message about said conditions when said conditions exceed a notification threshold.
Dependent claims: 116-120.
121-174. (canceled)