Security event management apparatus, systems, and methods
Abstract
Apparatus, systems, and methods may operate to receive multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events. Additional operations may include extracting multiple security events from multiple security event data streams, and classifying the extracted multiple security events to form domain-specific, categorized data streams. A hierarchy of statistical data streams may then be generated from the domain-specific, categorized data streams. Additional apparatus, systems, and methods are disclosed.
17 Claims
1. A system, comprising:
- an interface to receive multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events;
- a hierarchical classifier module coupled to a memory to store classification algorithms to operate on the multiple security events to provide a tree of domain-specific, categorized data streams according to arbitrary categories that are created using at least one of external knowledge or inbuilt intelligence, the arbitrary categories being dimensions; and
- at least one processor to generate a hierarchy of statistical data streams from the dimensions, the statistical data streams being linked to a plurality of paths within the tree, the paths corresponding to different levels of classification.
Dependent claims: 2, 3, 4, 5
6. A processor-implemented method to execute on one or more processors that perform the method, comprising:
- receiving multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events;
- classifying the multiple security events to form a tree of domain-specific, categorized data streams according to arbitrary categories that are created using at least one of external knowledge or inbuilt intelligence, the arbitrary categories being dimensions; and
- generating a hierarchy of statistical data streams from the dimensions, including linking the statistical data streams to a plurality of paths within the tree, the paths corresponding to different levels of classification.
Dependent claims: 7, 8, 9, 10, 11
12. A processor-implemented method to execute on one or more processors that perform the method, comprising:
- extracting multiple security events from multiple security event data streams;
- classifying the extracted multiple security events to form a tree of domain-specific, categorized data streams according to arbitrary categories that are created using at least one of external knowledge or inbuilt intelligence, the arbitrary categories being dimensions; and
- generating a hierarchy of statistical data streams from the dimensions, including linking the statistical data streams to a plurality of paths within the tree, the paths corresponding to different levels of classification.
Dependent claims: 13, 14, 15, 16, 17
Specification