System and method for web-based log analysis

US 20160234238A1
Filed: 02/11/2015
Published: 08/11/2016
Est. Priority Date: 02/11/2015
Status: Active Grant

First Claim

Patent Images

1. A method for web-based log analysis comprising the steps of:

storing log data of one or more devices;

determining a vulnerability exists at a device, the device being one of the one or more devices;

determining a trace related to the vulnerability, wherein determining the trace comprises;

executing an exploit related to the vulnerability;

monitoring log data created responsive to executing the exploit; and

generating the trace based upon the log data;

scanning the log data of the device for the trace; and

in response to finding the trace in the log data of the device, determining the device is vulnerable to the exploit related to the vulnerability.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The technology described herein provides a novel system and method for web-based log analysis. The analysis combines the benefits of typical log monitoring systems with those of typical vulnerability managements systems. The synergy of the combined log monitoring and vulnerability management results in a single provider detecting vulnerability and subsequently accessing archived log data to detect if the vulnerability has been exploited in the past, identifying compromised machines for customers.

Citations

17 Claims

1. A method for web-based log analysis comprising the steps of:
- storing log data of one or more devices;
  
  determining a vulnerability exists at a device, the device being one of the one or more devices;
  
  determining a trace related to the vulnerability, wherein determining the trace comprises;
  
  executing an exploit related to the vulnerability;
  
  monitoring log data created responsive to executing the exploit; and
  
  generating the trace based upon the log data;
  
  scanning the log data of the device for the trace; and
  
  in response to finding the trace in the log data of the device, determining the device is vulnerable to the exploit related to the vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17)
- - 2. The method of claim 1 further comprising:
    - receiving log data from the one or more devices; and
      
      transmitting the log data for storage.
  - 3. The method of claim 1, wherein the log data is stored in cloud based storage.
  - 4. The method of claim 1, wherein determining a vulnerability exists comprises scanning the one or more devices for vulnerabilities using data from a vulnerability database.
  - 5. The method of claim 4, wherein determining a trace related to the vulnerability comprises retrieving the trace from the vulnerability database.
  - 6. The method of claim 1, further comprising in response to finding the trace in the log data, providing a notification to a user of the device.
  - 7. The method of claim 6, further comprising writing the trace to an entry in the vulnerability database, the entry corresponding to the vulnerability.
  - 8. The method of claim 4, wherein the vulnerability database comprises a plurality of entries, each entry corresponding to a vulnerability, each entry comprising an identifier, a signature, and a trace.
  - 17. The method of claim 1, wherein the trace comprises an indicator that the device is vulnerable to the exploit related to the vulnerability.

9. A system for web-based log analysis comprising:
- one or more hardware processors configured to;
  
  store log data of one or more devices;
  
  determine a vulnerability exists at a device, the device being one of the one or more devices;
  
  determine a trace related to the vulnerability, wherein determining the trace comprises;
  
  executing an exploit related to the vulnerability;
  
  monitoring log data created responsive to executing the exploit;
  
  generating the trace based upon the log data;
  
  scan the log data of the device for the trace, andin response to finding the trace in the log data of the device, determine the device is vulnerable to the exploit related to the vulnerability.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the one or more processors is further configured to:
    - receive log data from the one or more devices; and
      
      transmit the log data for storage.
  - 11. The system of claim 9, wherein the log data is stored in cloud based storage.
  - 12. The system of claim 9, wherein the one or more processors is further configured to scan the one or more devices for vulnerabilities using data from a vulnerability database.
  - 13. The system of claim 12, wherein the one or more processors is further configured to retrieve the trace from the vulnerability database.
  - 14. The system of claim 9, wherein the one or more processors is further configured to in response to finding the trace in the log data, provide a notification to a user of the device.
  - 15. The system of claim 14, wherein the one or more processors is further configured to write the trace to an entry in the vulnerability database, the entry corresponding to the vulnerability.
  - 16. The system of claim 12, wherein the vulnerability database comprises a plurality of entries, each entry corresponding to a vulnerability, each entry comprising an identifier, a signature, and a trace.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualys Incorporated
Original Assignee
Qualys Incorporated
Inventors
Harutyunyan, Artem, Sarwate, Amol R., Thakar, Sumedh, Shema, Michael P.

Granted Patent

US 9,876,813 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 67/02   based on web technology, e....

System and method for web-based log analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for web-based log analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links