Integrating security policy and event management

US 8,839,349 B2
Filed: 12/29/2011
Issued: 09/16/2014
Est. Priority Date: 10/18/2011
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

identify a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system;

present a first representation of the plurality of security events in an interactive graphical user interface, wherein the first representation of the plurality of security events includes a plurality of selectable event elements, each event element representing at least one security event in the plurality of security events;

receive, via the interactive graphical user interface, a user selection of a particular event element presented in the first representation;

identify a subset of the plurality of security policies, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element; and

present, in the interactive graphical user interface, based on the user selection, a listing of the subset of security policies based on the user selection of the particular event element.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of security events is detected in a computing system, each security event based on at least one policy in a plurality of security policies. Respective interactive graphical representations are presented in a graphical user interface (GUI) of either or both of the security events or security policies. The representations include interactive graphical elements representing the respective security events or security policies. User selection of a particular event element via the interactive GUI causes a subset of the security policies to be identified, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element. User selection of a particular policy element via the interactive GUI causes a subset of the security policies to be identified, each security event in the subset based at least in part on a particular security policy represented by the particular policy element.

28 Citations

View as Search Results

21 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system;
  
  present a first representation of the plurality of security events in an interactive graphical user interface, wherein the first representation of the plurality of security events includes a plurality of selectable event elements, each event element representing at least one security event in the plurality of security events;
  
  receive, via the interactive graphical user interface, a user selection of a particular event element presented in the first representation;
  
  identify a subset of the plurality of security policies, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element; and
  
  present, in the interactive graphical user interface, based on the user selection, a listing of the subset of security policies based on the user selection of the particular event element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The storage medium of claim 1, wherein the plurality of security events are provided by at least one security tool adapted to detect security events in a computing system.
  - 3. The storage medium of claim 2, wherein the at least one security tool is a firewall.
  - 4. The storage medium of claim 1, wherein the particular event element represents at least two particular security events and the subset of security policies includes all security policies serving as a basis for any one of the at least two particular security events.
  - 5. The storage medium of claim 4, wherein the subset of security policies includes at least two security policies.
  - 6. The storage medium of claim 1, wherein the at least one particular security event was triggered in response to a detected violation of at least one of the subset of security policies.
  - 7. The storage medium of claim 1, wherein selection of the particular event element causes a window to be displayed including a view of attributes of the at least one particular security event.
  - 8. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to receive, via the interactive graphical user interface, a user selection of a particular security policy presented in the listing of the subset of security policies.
  - 9. The storage medium of claim 8, wherein selection of the particular security policy presented in the listing causes a window to be displayed including a view of attributes of the particular security policy.
  - 10. The storage medium of claim 8, wherein the instructions, when executed, further cause the machine to:
    - receive user inputs, via the window, indicating a modification to the particular security policy; and
      
      modify the particular security policy in accordance with the indicated modification.
  - 11. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to:
    - receive a request to edit a particular one of the subset of security policies; and
      
      modify the particular security policy in accordance with user inputs received via the interactive graphical user interface.
  - 12. The storage medium of claim 11, wherein a security tool applies the modified particular security policy to monitoring of a computing system.
  - 13. The storage medium of claim 12, wherein applying the modified particular security policy to monitoring of the computing system includes:
    - identifying a violation, during the monitoring, of the modified particular security policy;
      
      generating a particular security event based on the violation; and
      
      providing data for use in a representation of the particular security event in the interactive user interface.
  - 14. The storage medium of claim 1, wherein an attribute of at least the particular security event or the subset of security policies is defined in a particular corresponding data object, in a plurality of data objects of the computing system.
  - 15. The storage medium of claim 14, wherein the first representation includes a graphical representation of data in the particular data object representing attributes of the at least one particular security event.
  - 16. The storage medium of claim 15, wherein the graphical representation of the data in the particular data object includes a selectable object element and selection of the selectable object element in the graphical representation of the particular data object causes an object view window to be presented in the interactive user interface presenting a view of the particular object.
  - 17. The storage medium of claim 16, wherein the instructions, when executed, further cause the machine to:
    - receive user inputs, via the object view window, indicating a modification to the particular data object; and
      
      modify the particular data object in accordance with the indicated modification, wherein modification to the particular data object affects subsequent security tasks performed by one or more security tools using the particular data object.
  - 18. The storage medium of claim 1, wherein the first representation includes a bubble representation including a plurality of graphical bubble elements, each graphical bubble element is a selectable event element, and each graphical bubble element represents a corresponding amount of events detected for a corresponding intersection of two respective event attributes.
  - 19. The storage medium of claim 1, wherein the first representation includes an event trend chart representation including a plurality of chronological trend line elements, each chronological trend line element is a selectable event element, and each chronological trend line element represents security events in the plurality of security events detected within a corresponding time period.

20. A method comprising:
- identifying a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system;
  
  presenting a first representation of the plurality of security events in an interactive graphical user interface, wherein the first representation of the plurality of security events includes a plurality of selectable event elements, each event element representing at least one security event in the plurality of security events;
  
  receiving, via the interactive graphical user interface, a user selection of a particular event element presented in the first representation;
  
  identifying a subset of the plurality of security policies, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element; and
  
  presenting, in the interactive graphical user interface, based on the user selection, a listing of the subset of security policies based on the user selection of the particular event element.

21. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a security event user interface engine, comprising logic when executed by the at least one processor device to;
  
  identify a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system;
  
  present a first representation of at least a portion of the plurality of security policies in an interactive graphical user interface, wherein the first representation of the portion of security policies includes a plurality of selectable policy elements, each policy element representing at least one security policy in the plurality of security policies;
  
  receive, via the interactive graphical user interface, a user selection of a particular policy element presented in the first representation;
  
  identify a subset of the plurality of security events, each security event in the subset based at least in part on at least one particular security policy represented by the particular policy element; and
  
  present, in the interactive graphical user interface, based on the user selection, a listing of the subset of the plurality of security events based on the user selection of the particular policy element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Pearcy, Derek Patton, Heinrich, Jessica Anne, Gaskins, Jessica Jeanne, Phillips, Craig Anthony
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US13/340,597
Publication Number

US 20130097662A1
Time in Patent Office

992 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 3/04842   Selection of displayed obje...

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

Integrating security policy and event management

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Integrating security policy and event management

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links