SYSTEM AND METHOD FOR GROUPING COMPUTER VULNERABILITIES

US 20130247206A1
Filed: 09/21/2011
Published: 09/19/2013
Est. Priority Date: 09/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a query to be displayed by a graphical user interface (GUI) of a computer that includes a processor;

using fields associated with the query to create a vulnerability set comprising at least one vulnerability;

adding the vulnerability set to a program;

updating the program by adding a new vulnerability to the vulnerability set; and

generating an asset report that includes scan results associated with the vulnerability set for the computer.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method in one embodiment includes modules for creating a vulnerability set including one or more vulnerabilities, adding the vulnerability set to a program, and updating the program by adding a new vulnerability to the vulnerability set. More specific embodiments include a program that includes a scan, creating the vulnerability set by generating a query including one or more conditions associated with the vulnerabilities, and creating the vulnerability set by selecting one or more vulnerabilities from a plurality of vulnerabilities. Other embodiments include a program that includes a report template, adding a vulnerability set to the report template by generating a query to include a condition associated with the vulnerability set, running a scan, and generating a report including one or more results from the scan meeting the condition associated with the vulnerability set.

Citations

20 Claims

1. A method comprising:
- providing a query to be displayed by a graphical user interface (GUI) of a computer that includes a processor;
  
  using fields associated with the query to create a vulnerability set comprising at least one vulnerability;
  
  adding the vulnerability set to a program;
  
  updating the program by adding a new vulnerability to the vulnerability set; and
  
  generating an asset report that includes scan results associated with the vulnerability set for the computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the program comprises a scan.
  - 3. The method of claim 1, wherein the program comprises a report template.
  - 4. The method of claim 3, wherein the adding the vulnerability set comprises generating a query to include at least one condition associated with the vulnerability set.
  - 5. The method of claim 4, further comprising:
    - running another program comprising a scan; and
      
      generating a report, such that the report comprises at least one result from the scan meeting the at least one condition associated with the vulnerability set.
  - 6. The method of claim 1 wherein:
    - the creating the vulnerability set comprises generating a query including at least one condition associated with the at least one vulnerability; and
      
      the adding the new vulnerability comprises generating a query including at least another condition associated with the new vulnerability.
  - 7. The method of claim 6, wherein the at least one condition is selected from a group comprising a vulnerability module, a vulnerability category, a Common Vulnerabilities and Exposures (CVE) Number, a Common Weakness Enumeration (CWE), an intrusive check, a CVSS (Common Vulnerability Scoring System) Metric, a Microsoft (MS) Number, a risk, a vulnerability name, and a vulnerability severity.
  - 8. The method of claim 1, wherein the query further comprises a nested condition expression using at least one operator selected from a group comprising AND, OR, Equals (EQ), Not Equals (NE), Greater Than (GT), Less Than (LT), Contains, Does not Contain, Greater Than or Equal (GE), and Less Than or Equal (LE).
  - 9. The method of claim 1 wherein the creating the vulnerability set comprises selecting the at least one vulnerability from a plurality of vulnerabilities.

10. An apparatus comprising:
- a memory element configured to store data; and
  
  a processor operable to execute instructions associated with the data, wherein the apparatus is configured for;
  
  providing a query to be displayed by a graphical user interface (GUI) of a computer that includes the processor;
  
  using fields associated with the query to create a vulnerability set comprising at least one vulnerability;
  
  adding the vulnerability set to a program;
  
  updating the program by adding a new vulnerability to the vulnerability set; and
  
  generating an asset report that includes scan results associated with the vulnerability set for the computer.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The apparatus of claim 10 wherein the program comprises a scan.
  - 12. The apparatus of claim 10 wherein:
    - the program comprises a report template; and
      
      the adding the vulnerability set comprises generating a query to include at least one condition associated with the vulnerability set.
  - 13. The apparatus of claim 12, further comprising:
    - running another program comprising a scan; and
      
      generating a report, such that the report comprises at least one result from the scan meeting the at least one condition associated with the vulnerability set.
  - 14. The apparatus of claim 10, wherein:
    - the creating the vulnerability set comprises generating a query including at least one condition associated with the at least one vulnerability; and
      
      the adding the new vulnerability comprises generating a query including at least another condition associated with the new vulnerability.
  - 15. The apparatus of claim 10, creating the vulnerability set comprises selecting the at least one vulnerability from a plurality of vulnerabilities.

16. Non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- providing a query to be displayed by a graphical user interface (GUI) of a computer that includes the processor;
  
  using fields associated with the query to create a vulnerability set comprising at least one vulnerability;
  
  adding the vulnerability set to a program;
  
  updating the program by adding a new vulnerability to the vulnerability set; and
  
  generating an asset report that includes scan results associated with the vulnerability set for the computer.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The media of claim 16, wherein the program comprises a scan.
  - 18. The media of claim 16 wherein:
    - the program comprises a report template; and
      
      the adding the vulnerability set comprises generating a query to include at least one condition associated with the vulnerability set.
  - 19. The media of claim 18, further comprising:
    - running another program comprising a scan; and
      
      generating a report, such that the report comprises at least one result from the scan meeting the at least one condition associated with the vulnerability set.
  - 20. The media of claim 16, wherein:
    - the creating the vulnerability set comprises generating a query including at least one condition associated with the at least one vulnerability; and
      
      the adding the new vulnerability comprises generating a query including at least another condition associated with the new vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Mallabarapu, Charles, Hugard, James M. IV, Leroux, Alexander Lawrence, Muniz, Jorge Armando, Russell, Braden C., Wu, Zengjue

Granted Patent

US 9,811,667 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 11/3051   Monitoring arrangements for...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR GROUPING COMPUTER VULNERABILITIES

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR GROUPING COMPUTER VULNERABILITIES

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links