Method for batching events for transmission by software agent
Abstract
In one embodiment, the present invention provides for receiving security events from a network device by a distributed software agent of a network security system, determining a priority of each received security event, and storing the security events in a plurality of prioritized event buffers based on the determined priorities for a period of time determined by a timer. Upon expiration of the timer, a batch of security events for transport to a security event manager of the network security system can be created by including security events in the batch in order of priority until the batch is full.
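The batching step described above, as an added Python sketch that is not taken from the patent. It uses the batching priority recited in the independent claims (first priority combined with waiting time). The class and function names, the linear scoring formula, `BATCH_SIZE`, `AGING_RATE` and the sample events are all assumptions, since the page gives no formula or numbers.

```python
from collections import deque
from dataclasses import dataclass

# Assumed tuning values; the page gives no numbers or scoring formula.
BATCH_SIZE = 4      # the "predetermined number" of events per batch
AGING_RATE = 0.5    # priority points gained per second of waiting

@dataclass
class Event:
    name: str
    priority: int    # first priority: higher means more important
    received: float  # arrival time in seconds

class AgentBatcher:
    """Prioritized event buffers drained into one batch per timer expiry."""

    def __init__(self, levels=3):
        self.buffers = [deque() for _ in range(levels)]  # one FIFO per priority

    def store(self, event):
        # Events are assumed to be stored in arrival order.
        self.buffers[event.priority].append(event)

    def batching_priority(self, event, now):
        # Assumed linear combination of importance and waiting time.
        return event.priority + AGING_RATE * (now - event.received)

    def on_timer(self, now):
        """Return at most BATCH_SIZE events, highest batching priority first."""
        batch = []
        while len(batch) < BATCH_SIZE:
            # The head of each FIFO is its oldest event, so it has the
            # highest score in that buffer; only heads need comparing.
            heads = [b for b in self.buffers if b]
            if not heads:
                break  # fewer events waiting than the batch can hold
            best = max(heads, key=lambda b: self.batching_priority(b[0], now))
            batch.append(best.popleft())
        return batch

def demo():
    agent = AgentBatcher()
    # Constructed sample events: (name, first priority, arrival time).
    for name, prio, t in [("old-low", 0, 0.0), ("med", 1, 8.0),
                          ("high-1", 2, 9.0), ("high-2", 2, 9.5),
                          ("new-low", 0, 9.8)]:
        agent.store(Event(name, prio, t))
    first = [e.name for e in agent.on_timer(now=10.0)]
    second = [e.name for e in agent.on_timer(now=20.0)]
    return first, second
```

With these values the long-waiting low-priority event is sent ahead of newer high-priority ones, and the second batch goes out with a single event because fewer events are waiting than a batch can hold.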
27 Claims
1. A method, comprising:
- receiving security events from a network device by a distributed software agent of a network security system;
- determining a first priority of each received security event, the first priority relating to an importance of the event;
- storing the security events in a plurality of prioritized event buffers based on the determined first priorities for a period of time determined by a timer; and
- upon expiration of the timer;
  - determining a batching priority for ones of the stored security events in accordance with both their first priority and with how long they have been waiting to be sent, and
  - creating a batch of security events for transport to a security event manager of the network security system by including security events in the batch in order of the batching priority until the batch is full, where a batch of security events has at most a predetermined number of security events and the predetermined number can be more than the number of stored security events waiting to be sent.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A distributed software agent, stored in a memory of a data processing system and executed by a processor of the data processing system, comprising:
- a channel access component configured to receive security events from a network device monitored by the agent; and
- an agent batch component comprising;
  - a priority scanner configured to determine a first priority of each received security event;
  - a plurality of prioritized event buffers for storing the security events;
  - a timer configured to store the received security events in the plurality of prioritized event buffers according to the first priority of each security event as determined by the priority scanner until the timer expires; and
  - means for creating a batch of security events for transport to a security event manager of a network security system by including security events in the batch in order of a batching priority, the batching priority of an event based on both the event's first priority and with how long the event has been waiting to be sent, until the batch is full, where a batch of security events has at most a predetermined number of security events and the predetermined number can be more than the number of stored security events waiting to be sent.
Dependent claims: 9, 10, 11, 12
13. A machine-readable medium containing data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving security events from a network device by a distributed software agent of a network security system;
- determining a priority of each received security event;
- storing the security events in a plurality of prioritized event buffers based on the determined priorities for a period of time determined by a timer; and
- upon expiration of the timer;
  - determining a batching priority for ones of the stored security events in accordance with both their first priority and with how long they have been waiting to be sent, and
  - creating a batch of security events for transport to a security event manager of the network security system by including security events in the batch in order of the batching priority until the batch is full, where a batch of security events has at most a predetermined number of security events and the predetermined number can be more than the number of stored security events waiting to be sent.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A method comprising:
- receiving security events from a network device by a distributed software agent of a network security system;
- storing, in one or more event buffers, a number of received security events having a first priority related to the event's importance; and
- upon storing the number of security events in the one or more event buffers, batching the security events stored in the one or more event buffers, in accordance with a batching priority of the security events that is determined in accordance with both a first priority of the security events and with how long the security events have been waiting to be sent, for transport to a security event manager of the network security system, where a batch of security events has at most a predetermined number of security events and the predetermined number can be more than the number of stored security events waiting to be sent.
Dependent claims: 21, 22, 23
24. A machine-readable medium containing data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving security events from a network device by a distributed software agent of a network security system;
- storing, in one or more event buffers, a number of received security events; and
- upon storing the number of security event in the one or more event buffers, batching the security events stored in the one or more event buffers, in accordance with a batching priority of the security events that is determined in accordance with both a first priority of the security events and with how long the security events have been waiting to be sent, for transport to a security event manager of the network security system, where a batch of security events has at most a predetermined number of security events and the predetermined number can be more than the number of stored security events waiting to be sent.
Dependent claims: 25, 26, 27
Specification