EVENT INTEGRATION FRAMEWORKS
First Claim

1. A computer-implemented method, comprising:
by computing hardware;
inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies;
inputting historical compliance data, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at an earlier time;
computing compliance change data from the compliance data and the historical compliance data, the compliance change data comprising data indicative of the degree of compliance changes between the compliance data and the historical compliance data; and
generating an output message in a message format adapted for use with a security information and event management (“SIEM”) tool or logging tool, the output message including the compliance change data.
Abstract
Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from a compliance and configuration control (“CCC”) tool and generating information for a security information and event management (“SIEM”) tool based on the information from the CCC tool. For example, in one exemplary embodiment, information from a CCC tool is transferred to a SIEM tool or logging tool by receiving the information from the CCC tool in a format that is not recognized by the SIEM tool or logging tool, and generating an output message in a message format that is recognized by the SIEM tool or logging tool. In particular embodiments, the message format is a customizable message format that is adaptable to multiple different SIEM tools or logging tools. In further embodiments, the data transferred to the SIEM tool comprises data indicative of compliance policy changes.
22 Claims
1. A computer-implemented method, comprising:
by computing hardware;
inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies;
inputting historical compliance data, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at an earlier time;
computing compliance change data from the compliance data and the historical compliance data, the compliance change data comprising data indicative of the degree of compliance changes between the compliance data and the historical compliance data; and
generating an output message in a message format adapted for use with a security information and event management (“SIEM”) tool or logging tool, the output message including the compliance change data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-implemented method, comprising:
by computing hardware;
transferring information from a compliance and configuration control (“CCC”) tool to a security information and event management (“SIEM”) tool or logging tool, wherein the CCC tool monitors multiple nodes in an information technology (“IT”) infrastructure, and wherein the transferring comprises:
receiving the information from the CCC tool in a format that is not recognized by the SIEM tool or logging tool; and
generating an output message in a message format that is recognized by the SIEM tool or logging tool, the message format of the output message further being a customizable message format that is adaptable to multiple different SIEM tools or logging tools.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 21, 22
20. A computer-implemented method, comprising:
by computing hardware;
inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies;
determining a compliance trend for one or more nodes in the IT network by comparing the compliance data to historical compliance data, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at a different time; and
generating an output message for a SIEM or logging tool only if the compliance trend indicates that the one or more nodes are less compliant than indicated by the historical compliance data.
Specification