Comprehensive security structure platform for network managers
First Claim
1. A computer system for detecting and monitoring network intrusion events from log data received from network service devices in a computer network, the computer system having discrete modules associated with a function performed on the log data received, the computer system comprising:
- an event parser in communication with multiple network service devices, the event parser being able to receive log data in real time from the device, the log data including information detailing a network intrusion event received from the network service device if an intrusion has occurred, the event parser being able to parse the information to create corresponding event objects concerning the intrusion events, wherein an event object comprises information fields relevant to network security monitoring including at least information regarding a reporting device and a time stamp;
- an event manager in communication with the event parser, the event manager being able to receive the event objects, the event manager being configured to evaluate the event objects according to at least one predetermined threshold condition such that, when the event objects satisfy the predetermined threshold condition, the event manager designates the event objects to be transmitted in real time;
- an event transmitter in communication with the event manager for receiving event objects designated by the event manager for transmission, the event transmitter being able to transmit the event objects in real time, relative to the receipt of the log data, as an intrusion alarm; and
- means for alerting a user that a network intrusion event has occurred.
Abstract
A computer system and method for detecting and monitoring network intrusion events from log data received from network service devices in a computer network, the computer system having discrete modules associated with a function performed on the log data received. An event parser in communication with at least one network service device is able to receive log data in real time from the device, and create an event object. An event manager in communication with the event parser is able to receive the event object and evaluate the event object according to at least one predetermined threshold condition such that, when the event object satisfies the predetermined threshold condition, the event manager designates the event object to be broadcast in real time. An event broadcaster in communication with the event manager receives event objects designated by the event manager for broadcast. The event broadcaster transmits the event object in real time as an intrusion alarm.
43 Claims
1. (Independent claim; set out in full under First Claim above.) Claims 2 through 31 depend on claim 1.
32. A method for detecting and monitoring network intrusion events from log data received from network service devices in a computer network comprising the steps of:
- receiving log data in real time, the log data including information detailing at least one network intrusion event received from the network service devices;
- parsing the log data information to create corresponding event objects, wherein an event object comprises information fields relevant to network security monitoring including at least information regarding a reporting device and a time stamp; and
- evaluating the event objects according to at least one predetermined threshold condition;
- where the information contained within the event objects satisfies the predetermined threshold condition, transmitting the event object as an intrusion alarm in real time, relative to the receipt of the log data, to a display screen on a user interface.
Claims 33 through 41 depend on claim 32.
42. A computer system for detecting and monitoring network intrusion events from log data received from network service devices in a computer network, the computer system having discrete modules associated with a function performed on the log data received, the computer system comprising:
- an event parser in communication with multiple network service devices, the event parser being able to receive log data in real time from the devices, the log data including information detailing a network intrusion event received from the network service devices if an intrusion has occurred, the event parser being able to parse the information to create corresponding event objects concerning the intrusion events, wherein an event object comprises information fields relevant to network security monitoring including at least information regarding a reporting device and a time stamp;
- an event aggregator, the event aggregator being able to filter the event objects based on event type and severity;
- an event manager in communication with the event aggregator, the event manager being able to receive the event object, the event manager being configured to evaluate the event object according to at least one predetermined threshold condition such that, when the event object satisfies the predetermined threshold condition, the event manager designates the event object to be transmitted in real time;
- an event transmitter in communication with the event manager for receiving event objects designated by the event manager for transmission, the event transmitter being able to transmit the event object in real time, relative to the receipt of the log data, as an intrusion alarm; and
- means for alerting a user that a network intrusion event has occurred.
43. A method for detecting and monitoring network intrusion events from log data received from network service devices in a computer network, comprising the steps of:
- receiving log data in real time from multiple network security devices, the log data including information detailing at least network intrusion events received from the network service devices;
- parsing the log data information to create corresponding event objects, wherein an event object comprises information fields relevant to network security monitoring including at least information regarding a reporting device and a time stamp;
- filtering the event objects based on event type and severity; and
- evaluating the event objects according to at least one predetermined threshold condition;
- where the information contained within an event object satisfies the predetermined threshold condition, transmitting the event object as an intrusion alarm in real time, relative to the receipt of the log data, to a display screen on a user interface.
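The pipeline the abstract and claims 42 and 43 describe, as an added example that is not code from the patent or from any product it covers: parse_line plays the event parser, aggregate the event aggregator (filter by type and severity), EventManager the threshold condition, and run_pipeline stands in for the event transmitter. The key=value log format, the filter set and the threshold rule (three qualifying events from one source at one device within 60 seconds) are assumptions chosen for illustration.

```python
# Added example, not the patent's code. Log format, filter set and threshold rule are assumptions.
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Event object: the claims require at least a reporting device and a time stamp.
Event = namedtuple("Event", "device timestamp event_type severity source")

def parse_line(line):
    """Event parser: one assumed 'key=value' log line -> Event, or None if malformed."""
    try:
        kv = dict(tok.split("=", 1) for tok in line.split())
        return Event(kv["device"], datetime.fromisoformat(kv["ts"]),
                     kv["type"], int(kv["sev"]), kv["src"])
    except (ValueError, KeyError):
        return None  # a malformed line must not stop the real-time stream

def aggregate(events, types, min_severity):
    """Event aggregator: keep only events of the given types at or above min_severity."""
    return [e for e in events if e.event_type in types and e.severity >= min_severity]

class EventManager:
    """Threshold condition: at least `limit` events per (device, source) in a sliding window."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)  # (device, source) -> recent timestamps
    def evaluate(self, e):
        q = self.seen[(e.device, e.source)]
        q.append(e.timestamp)
        while e.timestamp - q[0] > self.window:
            q.popleft()  # drop timestamps that fell out of the window
        return len(q) >= self.limit

def run_pipeline(lines, limit=3, window=timedelta(seconds=60)):
    """Returns the alarm strings the event transmitter would send, in order."""
    events = [e for e in map(parse_line, lines) if e is not None]
    mgr = EventManager(limit, window)
    return [f"ALARM {e.device} {e.timestamp.isoformat()} {e.event_type} from {e.source}"
            for e in aggregate(events, {"auth_fail", "port_scan"}, 3) if mgr.evaluate(e)]

SAMPLE = [  # constructed sample log lines, not real data
    "device=fw1 ts=2024-01-01T10:00:00 type=auth_fail sev=4 src=10.0.0.5",
    "device=fw1 ts=2024-01-01T10:00:20 type=auth_fail sev=4 src=10.0.0.5",
    "device=fw1 ts=2024-01-01T10:00:30 type=info sev=1 src=10.0.0.5",      # filtered out
    "this line is garbage",                                                # dropped by parser
    "device=fw1 ts=2024-01-01T10:00:40 type=auth_fail sev=4 src=10.0.0.5", # third in 60 s: alarm
    "device=fw1 ts=2024-01-01T10:03:00 type=auth_fail sev=4 src=10.0.0.5", # window expired: quiet
]
```

Running run_pipeline(SAMPLE) yields exactly one alarm, for the third qualifying event; the malformed line and the low-severity event never reach the threshold check, and the later event falls outside the window.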
Specification