×

System and method for correlating network identities and addresses

  • US 8,438,270 B2
  • Filed: 01/26/2010
  • Issued: 05/07/2013
  • Est. Priority Date: 01/26/2010
  • Status: Active Grant
First Claim
Patent Images

1. A computer system for correlating network identities and addresses, comprising:

  • at least one processing device coupled to a machine-readable storage medium with computer executable instructions for implementing a log correlation engine in a network, wherein the log correlation engine causes the at least one processing device to;

    receive one or more logs that describe traffic observed on the network, wherein the network traffic includes one or more network sessions observed on the network;

    identify an authentication event described in the one or more logs, wherein the authentication event includes a network identity and a first network address observed in the one or more network sessions;

    map the first network address to a second network address from information in the one or more logs that describe the traffic observed in the network;

    map the network identity to one or more of the first network address or the second network address from the information in the one or more logs that describe the traffic observed in the network; and

    identify a relationship between the network identity, the first network address, and the second network address in response to mapping the first network address to the second network address and mapping the network identity to the first network address or the second network address, wherein a network identity and address list comprises a hash value generated from the first network address, the network identity, and a login type to provide an index that can be referenced to determine whether a corresponding entry in the network identity and address list includes new or updated information.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×