Security event data normalization
Abstract
Security event data from multiple different network agents is normalized. The data from the different agents is categorized and tagged with a descriptor that includes information about the nature of the event. Events from multiple different devices can therefore be evaluated using a single format that is common to devices from different vendors.
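A minimal sketch of the normalization the abstract describes, added here as an illustration and not taken from the patent. The category names, numeric codes, vendor event names and the 32-bit tag layout are all assumptions.

```python
from collections import Counter

# Assumed numeric codes; the patent text on this page gives no concrete values.
FUNCTIONAL_CATEGORY = {"firewall": 1, "ids": 2, "antivirus": 3}
BROAD_CLASS = {"unknown": 0, "attack": 1, "policy": 2}
EVENT_CATEGORY = {"unmapped": 0, "port_scan": 10, "denied_connection": 20,
                  "malware_detected": 30}

# Constructed vendor mappings: (product, native event) -> (broad class, category)
VENDOR_MAP = {
    ("acme-fw", "DENY"): ("policy", "denied_connection"),
    ("acme-fw", "SCAN"): ("attack", "port_scan"),
    ("globex-ids", "sig:1001"): ("attack", "port_scan"),
    ("initech-av", "VIRUS_FOUND"): ("attack", "malware_detected"),
}

class Normalizer:
    def __init__(self):
        self._agents = {}  # agent id -> (product, functional category id)

    def register(self, agent_id, product, functional_category):
        """Registration determines the agent's numeric functional category."""
        self._agents[agent_id] = (product, FUNCTIONAL_CATEGORY[functional_category])

    def to_tag(self, agent_id, native_event):
        """Pack broad class (8 bits), agent category (8), event category (16)."""
        if agent_id not in self._agents:
            raise KeyError(f"unregistered agent: {agent_id}")
        product, func_id = self._agents[agent_id]
        # Unmapped vendor events still get a tag, so nothing is silently dropped.
        broad, category = VENDOR_MAP.get((product, native_event),
                                         ("unknown", "unmapped"))
        return (BROAD_CLASS[broad] << 24) | (func_id << 16) | EVENT_CATEGORY[category]

def split_tag(tag):
    """Return (broad class, functional category id, event category)."""
    return (tag >> 24) & 0xFF, (tag >> 16) & 0xFF, tag & 0xFFFF

def demo():
    n = Normalizer()
    n.register("fw-01", "acme-fw", "firewall")
    n.register("ids-01", "globex-ids", "ids")
    n.register("av-01", "initech-av", "antivirus")
    events = [("fw-01", "SCAN"), ("ids-01", "sig:1001"),
              ("fw-01", "DENY"), ("av-01", "VIRUS_FOUND")]  # constructed sample
    tags = [n.to_tag(agent, name) for agent, name in events]
    # Downstream logic works on tags only: count by event category across vendors.
    return tags, Counter(split_tag(t)[2] for t in tags)
```

The firewall's `SCAN` and the IDS's `sig:1001` differ only in the functional category field of their tags, so a correlation rule can match on the event category without knowing either vendor's native format.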
14 Claims
1. A method, comprising:
- registering, with at least one processor, a network security agent, the registering comprising determining a functional category of the network security agent, the functional category being associated with a numerical identifier;
- receiving, with the at least one processor, a packet from the network security agent indicating a network event;
- converting, with the at least one processor, the packet to a security event tag that numerically represents a broad classification of the event, the numerical identifier associated with the functional category of the network security agent that detected the event, and a category of the event; and
- using the security event tag to represent the event in place of the packet.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A system, comprising:
- a port that receives a packet from a network security agent indicating a network event; and
- at least one processor constructed and arranged to;
  - register the network security agent, the registering comprising determining a functional category of the network security agent, the functional category being associated with a numerical identifier, and
  - convert the packet to a security event tag that numerically represents a broad classification of the event, the numerical identifier associated with the functional category of the network security agent that detected the event, and a category of the event;
- wherein the security event tag represents the event in place of the packet.

Dependent claims: 9, 10, 11, 12, 13, 14.
Specification