CORRELATING USER INFORMATION TO A TRACKED EVENT
First Claim
1. An apparatus for correlating user information to a tracked event, said apparatus comprising:
- a processor; and
- a memory on which is stored machine readable instructions that are to cause the processor to:
  - access an event log that lists an event item corresponding to an event that occurred at a network appliance;
  - determine that the event item matches an item listed in a user log that lists records of user information and a plurality of items, wherein the records correspond to user events in a network;
  - identify the user information corresponding to the matching item;
  - determine a confidence level that the identified user information corresponds to the event item;
  - determine whether the confidence level exceeds a certain threshold value;
  - in response to a determination that the confidence level exceeds the certain threshold, correlate the user information to the event item; and
  - insert an entry into a database that the user information corresponds to the event item.
Abstract
According to examples, an apparatus may include a processor and a memory having instructions that are to cause the processor to access an event log that lists an event item corresponding to an event that occurred at a network appliance, determine that the event item matches an item listed in a user log that lists records of user information and a plurality of items, in which the records correspond to user events in a network, identify the user information corresponding to the matching item, determine a confidence level that the identified user information corresponds to the event item, determine whether the confidence level exceeds a certain threshold value, in response to a determination that the confidence level exceeds the certain threshold, correlate the user information to the event item, and insert an entry into a database that the user information corresponds to the event item.
20 Claims
1. An apparatus for correlating user information to a tracked event, said apparatus comprising:
- a processor; and
- a memory on which is stored machine readable instructions that are to cause the processor to:
  - access an event log that lists an event item corresponding to an event that occurred at a network appliance;
  - determine that the event item matches an item listed in a user log that lists records of user information and a plurality of items, wherein the records correspond to user events in a network;
  - identify the user information corresponding to the matching item;
  - determine a confidence level that the identified user information corresponds to the event item;
  - determine whether the confidence level exceeds a certain threshold value;
  - in response to a determination that the confidence level exceeds the certain threshold, correlate the user information to the event item; and
  - insert an entry into a database that the user information corresponds to the event item.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for correlating information in an event log with information in a user log, said method comprising:
- accessing an event log that lists an event item corresponding to an event that occurred at the network appliance;
- determining whether the event item matches a first item of a plurality of first items listed in a user log that lists records of second items and first items corresponding to user events in a network;
- in response to a determination that the event item matches the first item of the plurality of first items, identifying the second item corresponding to the matching first item;
- determining, by a processor, a confidence level that the identified second item corresponds to the event item;
- determining, by the processor, whether the confidence level exceeds a certain threshold value;
- in response to a determination that the confidence level exceeds the certain threshold, correlating, by the processor, the second item to the first event information; and
- inserting, by the processor, an entry into a database that the second item corresponds to the event item.
Dependent claims: 11, 12, 13, 14, 15
16. A non-transitory computer readable medium on which is stored machine readable instructions that when executed by a processor, cause the processor to:
- access an event log that lists an event IP address corresponding to an event that occurred at a network appliance;
- determine that the event IP address matches an IP address of IP addresses listed in a user log that lists records of user information and IP addresses corresponding to user events in a network;
- identify the user information corresponding to the matching IP address;
- determine a confidence level that the identified user information corresponds to the event IP address;
- determine whether the confidence level exceeds a certain threshold value;
- in response to a determination that the confidence level exceeds the certain threshold, correlate the user information to the event IP address; and
- execute a policy pertaining to data packets communicated to the network appliance by a user corresponding to the user name.
Dependent claims: 17, 18, 19, 20
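The IP-based matching, confidence check and database insert recited in claims 1 and 16, sketched as an added example that is not code from the patent. The claims do not say how confidence is computed, so the linear-decay model, the 8-hour validity window, the 0.7 threshold, the table name and all log records below are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed user log: (user, IP address, login time). Not from the patent.
USER_LOG = [
    ("alice", "10.0.0.5", "2024-01-01T09:00:00"),
    ("bob",   "10.0.0.5", "2024-01-01T13:30:00"),   # same IP handed to another user later
    ("carol", "10.0.0.9", "2024-01-01T08:00:00"),
]
# Constructed appliance event log: (event IP address, event time, description).
EVENT_LOG = [
    ("10.0.0.5", "2024-01-01T09:20:00", "blocked outbound connection"),
    ("10.0.0.5", "2024-01-01T13:00:00", "IPS signature hit"),  # stale mapping
    ("10.0.0.7", "2024-01-01T10:00:00", "port scan"),          # IP not in user log
]
LEASE = timedelta(hours=8)   # assumed window in which a user-to-IP mapping is trusted
THRESHOLD = 0.7              # assumed "certain threshold value"

def confidence(event_ts, login_ts):
    """Assumed model: 1.0 at login, decaying linearly to 0.0 at LEASE.
    A login that happens after the event cannot explain it, so it scores 0."""
    age = event_ts - login_ts
    if age < timedelta(0) or age > LEASE:
        return 0.0
    return 1.0 - age / LEASE

def correlate(event_log, user_log, threshold=THRESHOLD):
    """Return an in-memory database holding only correlations above threshold."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE correlation "
               "(ip TEXT, event_ts TEXT, event TEXT, user TEXT, confidence REAL)")
    for ip, ts, desc in event_log:
        ev = datetime.fromisoformat(ts)
        # Match the event IP against the user log and score every candidate user.
        scored = [(confidence(ev, datetime.fromisoformat(lt)), user)
                  for user, uip, lt in user_log if uip == ip]
        if not scored:
            continue                      # no matching item in the user log
        score, user = max(scored)
        if score > threshold:             # correlate only above the threshold
            db.execute("INSERT INTO correlation VALUES (?,?,?,?,?)",
                       (ip, ts, desc, user, round(score, 3)))
    db.commit()
    return db
```

With this data only the 09:20 event is attributed to a user; the 13:00 event matches an IP in the user log but the mapping is four hours old, so it stays uncorrelated rather than being pinned on the wrong person.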
Specification