System and method for collaborative information security correlation in low bandwidth environments
First Claim
1. A method for security information management in a network, comprising:
receiving event information for a plurality of events at a first network node, wherein the event information for a particular event comprises a plurality of attributes associated with the particular event;
assigning a plurality of attribute values to each event, the attribute values of each event defining a point in n-dimensional space;
generating a first n-dimensional graph comprising a plurality of points, the points corresponding to the events;
receiving a second n-dimensional graph comprising a plurality of points, the second n-dimensional graph generated by a second network node;
dimming the plurality of points in the second n-dimensional graph based at least in part on a distance between the first network node and the second network node, wherein:
dimming the plurality of points in the second n-dimensional graph comprises reducing visibility of the plurality of points in the second n-dimensional graph by a percentage; and
the percentage is based at least in part on the distance between the first network node and the second network node; and
combining the first n-dimensional graph with the second n-dimensional graph to generate a third n-dimensional graph comprising points from each of the first n-dimensional graph and the second n-dimensional graph, the points of the third n-dimensional graph that are from the second n-dimensional graph being dimmed based at least in part on the distance between the first network node and the second network node.
Abstract
A method for security information management in a network comprises receiving event information for a plurality of events, wherein the event information for a particular event comprises a plurality of attributes associated with that event. The method continues by assigning a plurality of attribute values to each event, the attribute values of each event defining a point in n-dimensional space. The method continues by generating a first n-dimensional graph comprising a plurality of points, the points corresponding to the events. The method continues by receiving a second n-dimensional graph comprising a plurality of points. The method concludes by combining the first n-dimensional graph with the second n-dimensional graph.
34 Claims
1. A method for security information management in a network, comprising:
receiving event information for a plurality of events at a first network node, wherein the event information for a particular event comprises a plurality of attributes associated with the particular event;
assigning a plurality of attribute values to each event, the attribute values of each event defining a point in n-dimensional space;
generating a first n-dimensional graph comprising a plurality of points, the points corresponding to the events;
receiving a second n-dimensional graph comprising a plurality of points, the second n-dimensional graph generated by a second network node;
dimming the plurality of points in the second n-dimensional graph based at least in part on a distance between the first network node and the second network node, wherein:
dimming the plurality of points in the second n-dimensional graph comprises reducing visibility of the plurality of points in the second n-dimensional graph by a percentage; and
the percentage is based at least in part on the distance between the first network node and the second network node; and
combining the first n-dimensional graph with the second n-dimensional graph to generate a third n-dimensional graph comprising points from each of the first n-dimensional graph and the second n-dimensional graph, the points of the third n-dimensional graph that are from the second n-dimensional graph being dimmed based at least in part on the distance between the first network node and the second network node.
Dependent claims 2 to 14 are not reproduced here.
15. A system for security information management in a network, comprising a first network node and a second network node, the first and second network nodes each comprising:
at least one sensor configured to receive event information for a plurality of events, wherein the event information for a particular event comprises a plurality of attributes associated with the particular event; and
a processor configured to:
assign a plurality of attribute values to each event, the attribute values of each event defining a point in n-dimensional space;
generate a first n-dimensional graph comprising a plurality of points, the points corresponding to the events;
receive a second n-dimensional graph comprising a plurality of points;
dim the plurality of points in the second n-dimensional graph based at least in part on a distance between the first network node and the second network node, wherein:
dimming the plurality of points in the second n-dimensional graph comprises reducing visibility of the plurality of points in the second n-dimensional graph by a percentage; and
the percentage is based at least in part on the distance between the first network node and the second network node; and
combine the first n-dimensional graph with the second n-dimensional graph to generate a third n-dimensional graph comprising points from each of the first n-dimensional graph and the second n-dimensional graph, the points of the third n-dimensional graph that are from the second n-dimensional graph being dimmed based at least in part on the distance between the first network node and the second network node.
Dependent claims 16 to 24 are not reproduced here.
25. An apparatus for security information management in a network, comprising:
at least one sensor configured to receive, at a first network node, event information for a plurality of events, wherein the event information for a particular event comprises a plurality of attributes associated with the particular event; and
a processor configured to:
assign a plurality of attribute values to each event, the attribute values of each event defining a point in n-dimensional space;
generate a first n-dimensional graph comprising a plurality of points, the points corresponding to the events;
receive a second n-dimensional graph comprising a plurality of points, the second n-dimensional graph generated by a second network node;
dim the plurality of points in the second n-dimensional graph based at least in part on a distance between the first network node and the second network node, wherein:
dimming the plurality of points in the second n-dimensional graph comprises reducing visibility of the plurality of points in the second n-dimensional graph by a percentage; and
the percentage is based at least in part on the distance between the first network node and the second network node; and
combine the first n-dimensional graph with the second n-dimensional graph to generate a third n-dimensional graph comprising points from each of the first n-dimensional graph and the second n-dimensional graph, the points of the third n-dimensional graph that are from the second n-dimensional graph being dimmed based at least in part on the distance between the first network node and the second network node.
Dependent claims 26 to 34 are not reproduced here.
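The independent claims above (1, 15 and 25) all describe the same pipeline: events are encoded as attribute-valued points in n-dimensional space, a node builds a point set from its own events, receives a peer's point set, dims the peer's points by a percentage tied to the distance between the two nodes, and merges both into a third graph. The following is an added example written for this page, not the patent's own code, that carries that flow through end to end in Python. Everything that the claims leave open is an assumption here: the attribute set and its ordering into dimensions, distance measured in network hops, a dimming policy of 20 percent per hop capped at 90 percent, Euclidean distance for deciding which points correlate, and the constructed sample events used to exercise it. "Visibility" is modelled as a per-point weight, so that dimming changes how much a remote point contributes to correlation rather than only how it is drawn.

```python
"""
Added example, not the patent's own code: the claimed flow in miniature.

Events -> attribute-valued points in n-dimensional space -> a local point set
("graph") -> merge with a peer node's point set, dimming the peer's points by a
percentage derived from the inter-node distance -> a combined graph that a
correlation step can query.

Assumptions (none of these come from the patent text): the attribute set and
its ordering into dimensions, "distance" measured in network hops, the dimming
policy (20 % per hop, capped at 90 %), Euclidean distance for correlating
points, and the constructed sample events below.
"""
from dataclasses import dataclass
import math
from typing import Dict, List, Sequence, Tuple

# Assumed fixed attribute-to-dimension ordering; every event is encoded as a
# point with one coordinate per dimension.
DIMENSIONS: Tuple[str, ...] = ("src_port", "dst_port", "bytes_kb", "severity")


@dataclass
class Point:
    coords: Tuple[float, ...]
    origin: str               # node that generated the point
    visibility: float = 1.0   # 1.0 = fully visible, 0.0 = fully dimmed


@dataclass
class Graph:
    node: str
    points: List[Point]


def event_to_point(event: Dict[str, float], node: str) -> Point:
    """Assign attribute values to an event; a missing attribute maps to 0.0 (assumption)."""
    return Point(tuple(float(event.get(d, 0.0)) for d in DIMENSIONS), node)


def build_graph(events: Sequence[Dict[str, float]], node: str) -> Graph:
    """First n-dimensional graph: one point per event, all fully visible."""
    return Graph(node, [event_to_point(e, node) for e in events])


def dim_percentage(hops: int, per_hop: float = 0.20, cap: float = 0.90) -> float:
    """Assumed policy: visibility is reduced 20 % per hop of distance, never more than 90 %."""
    if hops < 0:
        raise ValueError("distance must be non-negative")
    return min(cap, per_hop * hops)


def dim_graph(graph: Graph, hops: int) -> Graph:
    """Reduce the visibility of every point in a peer's graph by the distance-based percentage."""
    pct = dim_percentage(hops)
    return Graph(graph.node,
                 [Point(p.coords, p.origin, p.visibility * (1.0 - pct)) for p in graph.points])


def combine(local: Graph, remote: Graph, hops: int) -> Graph:
    """Third graph: the local points at full visibility plus the peer's dimmed points."""
    return Graph(local.node, local.points + dim_graph(remote, hops).points)


def euclid(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def corroboration(graph: Graph, point: Point, radius: float) -> float:
    """Visibility-weighted count of the other points within `radius` of `point`.

    Dimmed (remote) points add less weight than local ones, which is the effect
    the distance-based dimming has on any correlation run over the third graph.
    """
    return sum(q.visibility for q in graph.points
               if q is not point and euclid(q.coords, point.coords) <= radius)


# Constructed sample events (not from the patent). Node A sees two SSH probes
# and one ordinary HTTPS flow; node B, two hops away, sees two more SSH probes.
NODE_A_EVENTS = [
    {"src_port": 40000, "dst_port": 22, "bytes_kb": 1, "severity": 3},
    {"src_port": 40001, "dst_port": 22, "bytes_kb": 1, "severity": 3},
    {"src_port": 51000, "dst_port": 443, "bytes_kb": 120, "severity": 1},
]
NODE_B_EVENTS = [
    {"src_port": 40002, "dst_port": 22, "bytes_kb": 1, "severity": 3},
    {"src_port": 40003, "dst_port": 22, "bytes_kb": 2, "severity": 3},
]
HOPS_A_TO_B = 2


def demo() -> Dict[str, float]:
    """Run the pipeline on the constructed events and return the figures of interest."""
    local = build_graph(NODE_A_EVENTS, "A")
    remote = build_graph(NODE_B_EVENTS, "B")
    third = combine(local, remote, HOPS_A_TO_B)
    return {
        "points": len(third.points),
        "remote_visibility": third.points[-1].visibility,
        "ssh_probe_support": corroboration(third, third.points[0], radius=10.0),
        "https_flow_support": corroboration(third, third.points[2], radius=10.0),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With the constructed input the third graph holds five points; the two points from node B arrive at visibility 0.6 (two hops at 20 percent each), so the first SSH probe at node A is corroborated with weight 2.2 (1.0 from the local neighbour, 0.6 from each of B's two probes) while the HTTPS flow is corroborated by nothing. Only the point set crosses the link between nodes, never the raw events, which is what makes the scheme usable where bandwidth is scarce; the hop count used as the distance is one choice among several an operator could substitute.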
Specification