
System and method for event log review

  • US 8,402,002 B2
  • Filed: 09/22/2006
  • Issued: 03/19/2013
  • Est. Priority Date: 09/23/2005
  • Status: Active Grant
First Claim

1. A system, comprising:

  • an event log source configured to generate raw event log data associated with modification of an asset of an electronic network;

  • a security information manager configured to receive and normalize the raw event log data into a common data format, the normalized event log data including information associated with an event;

  • wherein the normalized event log data includes an asset identifier, the log report generator extracting the asset identifier from the normalized event log data and retrieving asset information from the asset database using the asset identifier included in the normalized event log data;

  • at least one computer including an event log database configured to store the normalized event log data and an asset database configured to store asset information, where only the asset database is maintained to provide accurate information regarding the assets, the event log database being inaccessible by authorized users in order to maintain integrity of the data;

  • wherein the event log data are received, processed, and stored in real-time as the events occur throughout the network;

  • a log report generator configured to correlate the normalized event log data in the event log database with the asset information in the asset database and to package the correlated event log data and asset information into a log report;

  • a review monitor configured to track a review status of the log report, the review monitor including an electronic notification configured to notify a reviewer of the log report to be reviewed, the review monitor notifying the reviewer of delinquency of a review if the log report is not reviewed within a predetermined time period, the review monitor including a user interface configured to escalate the log report for further review in the event that the reviewer selects a notify link on the user interface; and

  • a report tracking database configured to store the review status of the log report, wherein the review status includes an escalation of the log report for further review upon determination that the modification of the asset was suspicious activity, and at least one of a first time stamp of when availability of the log report is communicated to a reviewer, a period of time covered by the log report, and a second time stamp of when the log report is reviewed, wherein the log report generator packages the correlated event log data according to asset type or asset name.
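The claimed pipeline (normalize raw events into a common format, correlate them with a separately maintained asset database by asset identifier, package the report by asset type, and track review status with a delinquency deadline and escalation) worked through as an added Python example; this is not code from the patent, and the asset database, the raw events from two differently formatted sources, and the 24-hour review deadline are constructed assumptions.

```python
"""Added illustration of the claimed pipeline (not the patent's code):
normalize -> correlate with asset DB -> package report -> track review."""
from datetime import datetime, timedelta, timezone

# Constructed asset database keyed by asset identifier: the only source of asset truth.
ASSETS = {
    "srv-01": {"name": "payroll-db", "type": "database", "owner": "finance"},
    "ws-17": {"name": "analyst-laptop", "type": "workstation", "owner": "soc"},
}

# Constructed raw events from two sources that use different field names.
RAW_EVENTS = [
    {"timestamp": "2006-09-22T10:00:00Z", "host": "srv-01", "event": "config_change", "subject": "alice"},
    {"ts": "2006-09-22T10:05:00Z", "asset_id": "ws-17", "action": "file_modified", "user": "bob"},
    {"ts": "2006-09-22T10:07:00Z", "asset_id": "unknown-99", "action": "service_stopped", "user": "svc"},
]

def normalize(raw):
    """Map differing source field names onto one common schema (the security information manager's job)."""
    return {
        "ts": raw.get("ts") or raw.get("timestamp"),
        "asset_id": raw.get("asset_id") or raw.get("host"),
        "action": raw.get("action") or raw.get("event"),
        "user": raw.get("user") or raw.get("subject"),
    }

def build_report(events, assets=ASSETS):
    """Correlate normalized events with asset info via the asset identifier and group them by asset type."""
    report = {}
    for ev in events:
        info = assets.get(ev["asset_id"])
        if info is None:  # asset not in the asset database: keep the event but flag it for the reviewer
            info = {"name": "UNKNOWN", "type": "unknown", "owner": None}
        report.setdefault(info["type"], []).append({**ev, **info})
    return report

class ReviewMonitor:
    """Track review status, delinquency and escalation for one log report (the report tracking record)."""
    def __init__(self, report_id, period, notified_at, deadline_hours=24):
        self.status = {"report_id": report_id, "period": period, "notified_at": notified_at,
                       "reviewed_at": None, "escalated": False}
        self.deadline = timedelta(hours=deadline_hours)  # assumed predetermined review window

    def is_delinquent(self, now):
        """True when the report is still unreviewed after the deadline has passed."""
        return self.status["reviewed_at"] is None and now - self.status["notified_at"] > self.deadline

    def mark_reviewed(self, when, suspicious=False):
        """Record the second time stamp; escalate when the modification was judged suspicious."""
        self.status["reviewed_at"] = when
        self.status["escalated"] = suspicious
        return self.status
```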
