Modular framework for configuring action sets for use in dynamically processing network events in a distributed computing environment
First Claim
Patent Images
1. A system for configuring an action set for use in dynamically processing network events in a distributed computing environment, comprising:
- a graphical user interface associated with an action set;
a database storing an action set;
a manager console associating at least one network event and at least one sensor responsive to a user selection indicated on the graphical user interface and embedding at least one action into the action set responsive to a user selection indicated on the graphical user interface; and
the database storing the association for the at least one network event and the embedding of the at least one action into a mapping table.
10 Assignments
0 Petitions
Accused Products
Abstract
A system and a method for configuring an action set for use in dynamically processing network events in a distributed computing environment are described. A graphical user interface associated with an action set is presented. An action set is stored into a database. At least one network event and at least one sensor are associated responsive to a user selection indicated on the graphical user interface. At least one action is embedded into the action set responsive to a user selection indicated on the graphical user interface. The association for the at least one network event and the embedding of the at least one action are stored into a mapping table.
229 Citations
26 Claims
-
1. A system for configuring an action set for use in dynamically processing network events in a distributed computing environment, comprising:
-
a graphical user interface associated with an action set;
a database storing an action set;
a manager console associating at least one network event and at least one sensor responsive to a user selection indicated on the graphical user interface and embedding at least one action into the action set responsive to a user selection indicated on the graphical user interface; and
the database storing the association for the at least one network event and the embedding of the at least one action into a mapping table. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
the manager console referencing at least one event filter into the action set responsive to a user selection indicated on the graphical user interface; and
the database further storing the reference for the at least one event filter into the action set.
-
-
3. A system according to claim 2, wherein the event filter comprises at least one of running a script, setting an event correlation filter, and adding values to the network event.
-
4. A system according to claim 1, wherein the external event comprises at least one of an SNMP trap and a certogram.
-
5. A system according to claim 1, wherein the action comprises at least one of an forwarding an authenticated datagram to a firewall, creating a helpdesk activity ticket, running a script, logging event data, executing a program, broadcasting a network message, sending an alphanumeric page, and sending an electronic mail via SMTP.
-
6. A system according to claim 1, further comprising:
-
at least one agent sensing the occurrence of the network event; and
the at least one sensor receiving the network event occurrence message from the at least one agent.
-
-
7. A system according to claim 6, wherein the at least one agent is an authenticated agent, further comprising
a secure connection between the authenticated agent and the manager; - and
the corresponding agent receiving the message over the secure connection upon authentication of the agent and the manager.
- and
-
8. A system according to claim 7, wherein the secure connection is effected via a Transport Layer Security connection.
-
9. A system according to claim 1, further comprising:
a storage manager maintaining the action set mapping within a database.
-
10. A system according to claim 9, further comprising:
the storage manager further maintaining the action set as a binary large object (BLOB) within the database.
-
11. A method for configuring an action set for use in dynamically processing network events in a distributed computing environment, comprising:
-
presenting a graphical user interface associated with an action set;
storing an action set into a database;
associating at least one network event and at least one sensor responsive to a user selection indicated on the graphical user interface;
embedding at least one action into the action set responsive to a user selection indicated on the graphical user interface; and
storing the association for the at least one network event and the embedding of the at least one action into a mapping table. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
referencing at least one event filter into the action set responsive to a user selection indicated on the graphical user interface; and
storing the reference for the at least one event filter into the action set.
-
-
13. A method according to claim 12, wherein the event filter comprises at least one of running a script, setting an event correlation filter, and adding values to the network event.
-
14. A method according to claim 11, wherein the external event comprises at least one of an SNMP trap and a certogram.
-
15. A method according to claim 11, wherein the action comprises at least one of an forwarding an authenticated datagram to a firewall, creating a helpdesk activity ticket, running a script, logging event data, executing a program, broadcasting a network message, sending an alphanumeric page, and sending an electronic mail via SMTP.
-
16. A method according to claim 11, further comprising:
-
sensing the occurrence of the network event on at least one agent; and
receiving the network event occurrence message on the at least one sensor from the at least one agent.
-
-
17. A method according to claim 16, wherein the at least one agent is authenticated agent, further comprising
forming a secure connection between the authenticated agent and the manager; - and
receiving the message over the secure connection upon authentication of agent and the manager.
- and
-
18. A method according to claim 17, wherein the secure connection is effected via a Transport Layer Security connection.
-
19. A method according to claim 11, further comprising:
maintaining the action set mapping within a database.
-
20. A method according to claim 19, further comprising:
maintaining the action set as a binary large object (BLOB) within the database.
-
21. A computer-readable storage medium holding code for configuring an action set for use in dynamically processing network events in a distributed computing environment, comprising:
-
presenting a graphical user interface associated with an action set;
storing an action set into a database;
associating at least one network event and at least one sensor responsive to a user selection indicated on the graphical user interface;
embedding at least one action into the action set responsive to a user selection indicated on the graphical user interface; and
storing the association for the at least one network event and the embedding of the at least one action into a mapping table. - View Dependent Claims (22, 23, 24, 25, 26)
referencing at least one event filter into the action set responsive to a user selection indicated on the graphical user interface; and
storing the reference for the at least one event filter into the action set.
-
-
23. A storage medium according to claim 21, further comprising:
-
sensing the occurrence of the network event on at least one agent; and
receiving the network event occurrence message on the at least one sensor from the at least one agent.
-
-
24. A storage medium according to claim 23, wherein the at least one agent is an authenticated agent, further comprising
forming a secure connection between the authenticated agent and the manager; - and
receiving the message over the secure connection upon authentication of the agent and the manager.
- and
-
25. A storage medium according to claim 21, further comprising:
maintaining the action set mapping within a database.
-
26. A storage medium according to claim 25, further comprising:
maintaining the action set as a binary large object (BLOB) within the database.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMcAfee, LLC
-
Original AssigneeNetwork Associates, Inc.
-
InventorsTryon, James Robert Jr., OʼBrien, Eric David
-
Primary Examiner(s)Geckil, Mehmet B.
-
Application NumberUS09/467,633Time in Patent Office1,037 DaysField of Search709/223, 709/224, 707/10, 345/735, 345/100, 345/733, 345/736US Class Current709/223CPC Class CodesH04L 41/0213 Standardised network manage...H04L 41/046 comprising network manageme...H04L 41/0604 using filtering, e.g. reduc...H04L 41/069 using logs of notifications...H04L 41/22 comprising specially adapte...H04L 63/0823 using certificates cryptogr...H04L 63/1416 Event detection, e.g. attac...H04L 67/10 in which an application is ...
