SYSTEM AND METHOD FOR MANAGING NETWORK AND SECURITY EVENTS VIA SUPERIMPOSING DATA
Abstract
An integrated network flow and security information management system and method is provided, more particularly, an integrated network flow and security information management system and method which leverages a process of superimposing and cross referencing common events and attributes in order to increase the speed of searches, completeness of searches and size of dataset (flow data). In particular, the process of superimposing may increase the amount of information that can be processed, while accelerating the search, thereby providing the user with more responsive acts of pivoting and scoping leading to a more complete response to network errors and threats.
14 Claims
1. A method for gathering a plurality of data and representing the results, the method comprising:
- collecting events sharing the same derived key in a pre-defined sliding window;
- superimposing the events in the pre-defined sliding window into a single record to form superimposed events; and
- superimposing attributes from the plurality of data into an aggregated summary structure to form superimposed attributes.
superimposed tags with results prior to results being delivered to the user or requesting process
Dependent claims: 2, 3, 4

5. A method for superimposing and retrieving attributes, the method comprising:
- receiving data containing a plurality of attributes and related values;
- examining each of the plurality of attributes to identify associated attributes; and
- superimposing the associated attributes in a cross relationship, where a cross relationship is a collection of unique attribute pairings.
Dependent claims: 6, 7, 8, 9, 10, 11

12. A method for superimposing of tags on the results from searches, the method comprising:
- defining tag filters by processes or users in an independent schema, the independent schema defined as a condition and a label.
Dependent claims: 13, 14
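An added Python sketch of the steps recited in claims 1, 5 and 12, not code from the patent or its assignee. The fields used for the derived key, the 60-second window that slides forward with each matching event, the tag condition and the sample events are all assumptions made for illustration.

```python
from itertools import combinations

WINDOW = 60  # seconds; assumed window length
SKIP = ("ts", "bytes")  # fields treated as measurements, not attributes

# Constructed sample events (not taken from the patent).
EVENTS = [
    {"ts": 0,   "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 22,  "user": "alice", "bytes": 120},
    {"ts": 20,  "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 22,  "user": "root",  "bytes": 80},
    {"ts": 45,  "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 22,  "user": "admin", "bytes": 95},
    {"ts": 50,  "src": "10.0.0.7", "dst": "10.0.0.9", "dport": 443, "user": "bob",   "bytes": 900},
    {"ts": 300, "src": "10.0.0.5", "dst": "10.0.0.9", "dport": 22,  "user": "alice", "bytes": 60},
]

def derived_key(ev):
    # Assumption: the key is derived from the flow endpoints.
    return (ev["src"], ev["dst"], ev["dport"])

def superimpose(events, window=WINDOW):
    """Fold events with the same derived key into one record per window."""
    records, current = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = derived_key(ev)
        rec = current.get(key)
        # The window slides with activity: a gap >= window starts a new record.
        if rec is None or ev["ts"] - rec["last_ts"] >= window:
            rec = {"key": key, "first_ts": ev["ts"], "last_ts": ev["ts"],
                   "count": 0, "bytes": 0, "attrs": {}, "pairs": set()}
            current[key] = rec
            records.append(rec)
        rec["last_ts"] = ev["ts"]
        rec["count"] += 1
        rec["bytes"] += ev["bytes"]
        items = sorted((k, v) for k, v in ev.items() if k not in SKIP)
        for name, value in items:  # aggregated summary of attribute values
            rec["attrs"].setdefault(name, set()).add(value)
        rec["pairs"].update(combinations(items, 2))  # unique attribute pairings
    return records

# Tag filters kept apart from the data: each is a (condition, label) pair.
TAG_FILTERS = [
    (lambda r: 22 in r["attrs"]["dport"] and len(r["attrs"]["user"]) >= 3, "ssh-multi-user"),
]

def tag(records, filters=TAG_FILTERS):
    """Attach labels to superimposed records before they are returned."""
    return [dict(r, tags=[label for cond, label in filters if cond(r)]) for r in records]
```

Five raw events collapse to three records here, and a search over the records can match on `attrs` or `pairs` without rescanning the underlying events.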
Specification