Graphical user interface for an enterprise intrusion detection system
First Claim
1. A graphical user interface (GUI) operable to:
receive at least one packet flow, each packet flow originating from a unique node in an intrusion detection system and comprising descriptive information and a plurality of packet headers;
communicate the descriptive information of a first subset of the received packet flows to a user based at least in part on a filtering ruleset;
conceal a second subset of the received packet flows from the user based at least in part on the filtering ruleset;
in response to receiving a first command from the user, communicate the plurality of packet headers for at least one packet flow in the first subset to the user; and
in response to receiving a second command from the user;
automatically determine one or more defined groupings indicated by the second command, the one or more defined groupings comprising at least one of virtual private network (VPN) grouping, firewall grouping, sites, communication types, or trust levels;
automatically organize the communicated information according to the one or more defined groupings; and
automatically display the communicated information to the user according to the organization.
Abstract
A method for interfacing with a user of an enterprise intrusion detection system comprises receiving at least one packet flow, each packet flow originating from a unique node in the intrusion detection system and comprising descriptive information and a plurality of packet headers. The descriptive information of a first subset of the received packet flows is communicated to a user based at least in part on a filtering ruleset. A second subset of the received packet flows is concealed from the user based at least in part on the filtering ruleset. In response to receiving a command from the user, the plurality of packet headers for at least one packet flow in the first subset is communicated to the user.
27 Claims
1. A graphical user interface (GUI) operable to:
receive at least one packet flow, each packet flow originating from a unique node in an intrusion detection system and comprising descriptive information and a plurality of packet headers;
communicate the descriptive information of a first subset of the received packet flows to a user based at least in part on a filtering ruleset;
conceal a second subset of the received packet flows from the user based at least in part on the filtering ruleset;
in response to receiving a first command from the user, communicate the plurality of packet headers for at least one packet flow in the first subset to the user; and
in response to receiving a second command from the user;
automatically determine one or more defined groupings indicated by the second command, the one or more defined groupings comprising at least one of virtual private network (VPN) grouping, firewall grouping, sites, communication types, or trust levels;
automatically organize the communicated information according to the one or more defined groupings; and
automatically display the communicated information to the user according to the organization.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method comprising:
receiving at least one packet flow, each packet flow originating from a unique node in an intrusion detection system and comprising descriptive information and a plurality of packet headers;
communicating the descriptive information of a first subset of the received packet flows to a user based at least in part on a filtering ruleset;
concealing a second subset of the received packet flows from the user based at least in part on the filtering ruleset;
in response to receiving a command from the user, communicating the plurality of packet headers for at least one packet flow in the first subset to the user; and
in response to receiving a second command from the user;
automatically determine one or more defined groupings indicated by the second command, the one or more defined groupings comprising at least one of virtual private network (VPN) grouping, firewall grouping, sites, communication types, or trust levels;
automatically organize the communicated information according to the one or more defined groupings; and
automatically display the communicated information to the user according to the organization.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. Logic embodied in one or more tangible media for execution and when executed operable to:
receive at least one packet flow, each packet flow originating from a unique sensor in an intrusion detection system and comprising descriptive information and a plurality of packet headers;
communicate the descriptive information of a first subset of the received packet flows to a user based at least in part on a filtering ruleset;
conceal a second subset of the received packet flows from the user based at least in part on the filtering ruleset;
in response to receiving a command from the user, communicate the plurality of packet headers for at least one packet flow in the first subset to the user; and
in response to receiving a second command from the user;
automatically determine one or more defined groupings indicated by the second command, the one or more defined groupings comprising at least one of virtual private network (VPN) grouping, firewall grouping, sites, communication types, or trust levels;
automatically organize the communicated information according to the one or more defined groupings; and
automatically display the communicated information to the user according to the organization.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
Specification