SYSTEM AND METHOD FOR MANAGING DATA AND POLICIES
First Claim
1. A method, comprising:
capturing a plurality of packet streams at a host device that is to centrally manage network security for a plurality of client devices to which it is coupled over a network;
recreating a plurality of flows from the packet streams;
analyzing the flows to identify one or more incidents, wherein the incidents identify one or more pieces of data, and wherein the packet streams are captured based on capture filters that remove certain network traffic that is not to be analyzed for the incidents; and
filtering the incidents based on a search request that initiated scanning for the incidents, and wherein at least one search parameter associated with the search request includes word patterns that form a concept for which triggers are provided for performing actions related to the concepts, wherein the host device includes a case management view that displays particular cases, which are for particular incidents previously discovered during scanning activities, and wherein the case management view allows the end user to assign a priority for the particular cases, to assign an owner to each of the particular cases, and to assign individual responsibility to other users for helping resolve the particular cases.
13 Assignments
0 Petitions
Abstract
In one embodiment, a method is provided and includes capturing a plurality of packet streams, recreating a plurality of flows from the packet streams, and analyzing the flows to identify one or more incidents. The incidents identify one or more pieces of data. The incidents are filtered and the incidents are rendered on a display for an end user that initiated the filtering operation. In other embodiments, the display allows the end user to view a selected one of a group of attributes for the incidents. The display allows the end user to open a captured object associated with a specific incident. In still other embodiments, the display allows a user to filter the incidents using a selected one of a group of options such as content, destination IP, destination location, destination port, filename, host IP, etc.
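The pipeline the abstract describes (capture, capture filters that drop traffic before analysis, flow recreation from possibly out-of-order packets, analysis of each flow against word patterns grouped into a concept, and filtering of the resulting incidents by attributes such as content, destination IP, destination port, filename and host IP), as an added Python example. It is not code from the patent or from any product it covers; the packets, addresses, concept patterns and the DNS/TCP capture-filter rule are all constructed for the illustration, and the `Packet`, `Flow` and `Incident` types are hypothetical.

```python
"""Toy version of the pipeline in the abstract (added example, not patent code).

Stages: capture -> capture filter -> flow recreation (5-tuple, seq-ordered)
-> analysis against word-pattern "concepts" -> incidents filterable by
attribute (content/concept, destination IP, destination port, filename,
host IP). Every packet, pattern and address below is constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    seq: int        # byte offset of this payload within the stream
    payload: bytes


@dataclass
class Flow:
    key: Tuple[str, int, str, int, str]   # (src_ip, src_port, dst_ip, dst_port, proto)
    segments: Dict[int, bytes] = field(default_factory=dict)

    def payload(self) -> bytes:
        # Reassemble in sequence order regardless of arrival order.
        return b"".join(self.segments[s] for s in sorted(self.segments))


@dataclass(frozen=True)
class Incident:
    concept: str            # the "content" attribute in the abstract's list
    host_ip: str
    destination_ip: str
    destination_port: int
    filename: Optional[str]
    excerpt: str            # matched text, shown to the analyst


def capture_filter(pkt: Packet) -> bool:
    """Hypothetical capture filter: keep TCP only and drop DNS. Dropped
    traffic is never reassembled or scanned, which is the filter's purpose."""
    return pkt.proto == "TCP" and 53 not in (pkt.src_port, pkt.dst_port)


def recreate_flows(packets: List[Packet]) -> List[Flow]:
    flows: Dict[tuple, Flow] = {}
    for pkt in packets:
        if not capture_filter(pkt):
            continue
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        flow = flows.setdefault(key, Flow(key))
        flow.segments.setdefault(pkt.seq, pkt.payload)  # first copy wins; retransmits ignored
    return list(flows.values())


# A "concept" is a named group of word patterns; any match raises an incident.
CONCEPTS: Dict[str, List[str]] = {
    "ssn": [r"\b\d{3}-\d{2}-\d{4}\b"],
    "confidential": [r"\bconfidential\b", r"\binternal use only\b"],
}
FILENAME_RE = re.compile(r'filename="([^"]+)"')


def analyze_flows(flows: List[Flow]) -> List[Incident]:
    incidents: List[Incident] = []
    for flow in flows:
        text = flow.payload().decode("utf-8", errors="replace")
        src_ip, _src_port, dst_ip, dst_port, _proto = flow.key
        m = FILENAME_RE.search(text)
        filename = m.group(1) if m else None
        for concept, patterns in CONCEPTS.items():
            for pat in patterns:
                hit = re.search(pat, text, re.IGNORECASE)
                if hit:
                    incidents.append(Incident(concept, src_ip, dst_ip, dst_port,
                                              filename, hit.group(0)))
                    break  # one incident per concept per flow
    return incidents


def filter_incidents(incidents: List[Incident], **criteria) -> List[Incident]:
    """Filter by any Incident attribute, e.g. concept="ssn" or destination_port=25."""
    return [i for i in incidents
            if all(getattr(i, k) == v for k, v in criteria.items())]


# Constructed capture: an out-of-order upload with one retransmitted segment,
# a DNS query (removed by the capture filter), and an outbound mail message.
UPLOAD_HDR = b'POST /upload HTTP/1.1\r\nContent-Disposition: form-data; filename="payroll.csv"\r\n\r\n'
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "203.0.113.7", 40000, 80, "TCP", 200, b"name,ssn\nalice,123-45-6789\n"),
    Packet("10.0.0.5", "203.0.113.7", 40000, 80, "TCP", 100, UPLOAD_HDR),
    Packet("10.0.0.5", "203.0.113.7", 40000, 80, "TCP", 100, UPLOAD_HDR),   # retransmit
    Packet("10.0.0.5", "192.0.2.53", 51000, 53, "UDP", 0, b"\x12\x34 query"),
    Packet("10.0.0.9", "198.51.100.4", 41000, 25, "TCP", 0,
           b"Subject: roadmap\r\n\r\nThis draft is INTERNAL USE ONLY.\r\n"),
]

if __name__ == "__main__":
    for inc in analyze_flows(recreate_flows(SAMPLE_PACKETS)):
        print(inc)
```

The capture filter runs before reassembly, so excluded traffic costs nothing downstream; reassembly keys on the 5-tuple and orders segments by sequence offset, so the filename header is seen even though its packet arrived after the data, and a retransmitted segment is not double-counted. Each incident carries the attributes the abstract lists, which is what makes the later per-attribute filtering possible.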
26 Claims
1. A method, comprising:
capturing a plurality of packet streams at a host device that is to centrally manage network security for a plurality of client devices to which it is coupled over a network; recreating a plurality of flows from the packet streams; analyzing the flows to identify one or more incidents, wherein the incidents identify one or more pieces of data, and wherein the packet streams are captured based on capture filters that remove certain network traffic that is not to be analyzed for the incidents; and filtering the incidents based on a search request that initiated scanning for the incidents, and wherein at least one search parameter associated with the search request includes word patterns that form a concept for which triggers are provided for performing actions related to the concepts, wherein the host device includes a case management view that displays particular cases, which are for particular incidents previously discovered during scanning activities, and wherein the case management view allows the end user to assign a priority for the particular cases, to assign an owner to each of the particular cases, and to assign individual responsibility to other users for helping resolve the particular cases. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13.
11. (canceled)
14. Logic encoded in one or more non-transitory tangible media for execution and when executed by a processor operable to:
capture a plurality of packet streams at a host device that is to centrally manage network security for a plurality of client devices to which it is coupled over a network; recreate a plurality of flows from the packet streams; analyze the flows to identify one or more incidents, wherein the incidents identify one or more pieces of data, and wherein the packet streams are captured based on capture filters that remove certain network traffic that is not to be analyzed for the incidents; and filter the incidents based on a search request that initiated scanning for the incidents, and wherein at least one search parameter associated with the search request includes word patterns that form a concept for which triggers are provided for performing actions related to the concepts, wherein the host device includes a display, which includes a system monitor view that displays details about the client devices including patch history information and an operating system version for each of the client devices, and wherein the system monitor view allows an end user of the host device to view existing alerts that are reported to a database and that are polled periodically, wherein the host device includes a case management view that displays particular cases, which are for particular incidents previously discovered during scanning activities, and wherein the case management view allows the end user to assign a priority for the particular cases, to assign an owner to each of the particular cases, and to assign individual responsibility to other users for helping resolve the particular cases. Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 25.
24. (canceled)
26. A host device, comprising:
a processor; and a memory, wherein the host device is to centrally manage network security for a plurality of client devices to which it is coupled over a network, and wherein the host device is configured for: capturing a plurality of packet streams; recreating a plurality of flows from the packet streams; analyzing the flows to identify one or more incidents, wherein the incidents identify one or more pieces of data, and wherein the packet streams are captured based on capture filters that remove certain network traffic that is not to be analyzed for the incidents; and filtering the incidents based on a search request that initiated scanning for the incidents, and wherein at least one search parameter associated with the search request includes word patterns that form a concept for which triggers are provided for performing actions related to the concepts, wherein the host device includes a display, which includes a system monitor view that displays details about the client devices including patch history information and an operating system version for each of the client devices, and wherein the system monitor view allows an end user of the host device to view existing alerts that are reported to a database and that are polled periodically, wherein the host device includes a case management view that displays particular cases, which are for particular incidents previously discovered during scanning activities, and wherein the case management view allows the end user to assign a priority for the particular cases, to assign an owner to each of the particular cases, and to assign individual responsibility to other users for helping resolve the particular cases.