
System and method for automated configuration of intrusion detection systems

  • US 9,479,523 B2
  • Filed: 04/28/2014
  • Issued: 10/25/2016
  • Est. Priority Date: 04/28/2013
  • Status: Active Grant
First Claim

1. A method, comprising:

  • receiving from a network investigation system one or more combinations of metadata parameters that have been identified by an analyst of the network investigation system as being indicative of malicious traffic within network traffic, wherein the receiving is performed by a first interface of an apparatus comprising the first interface, a second interface, and a processor;
  • based on the received combinations of the metadata parameters, formulating, by the processor, one or more Intrusion Detection System (IDS) rules that identify the malicious traffic, wherein formulating the IDS rules comprises presenting both the network traffic and the combinations of metadata parameters to an operator on a computer terminal via a graphical user interface (GUI), wherein the GUI allows the operator to manipulate the presentation of the network traffic and the combinations of metadata parameters so as to find combinations of metadata parameter values that are characteristic of the malicious traffic, and upon finding the combinations of metadata parameter values that are characteristic of the malicious traffic, automatically generating, by the processor, an IDS rule that matches the found combinations; and
  • configuring, by the processor via the second interface, an IDS to identify the malicious traffic in the network traffic, by provisioning the IDS with the IDS rules.
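As an added illustration of the "formulating" and "configuring" steps of claim 1 (this is not code from the patent or from any vendor's product), the following Python sketch turns analyst-supplied combinations of metadata parameters into Suricata-style IDS rules, one rule per combination, and writes them to a rules file. The parameter names, the keyword mapping, the sid range and the sample combinations are all assumptions made for the example.

```python
"""Added example (not the patent's or any vendor's code): formulate Suricata-
style IDS rules from analyst-identified metadata combinations."""
# Parameters that belong in the rule header (plus msg), not the option list.
HEADER_KEYS = ("proto", "src_ip", "src_port", "dst_ip", "dst_port", "msg")
# Assumed map: metadata parameter -> sticky-buffer keyword for the content match.
OPTION_KEYWORDS = {"http_host": "http.host", "http_uri": "http.uri",
                   "user_agent": "http.user_agent", "tls_sni": "tls.sni"}

def quote_content(value):
    """Escape the characters that are special inside a content:"..." match."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")
    return '"' + escaped + '"'

def formulate_rule(combo, sid, rev=1):
    """Build one rule that fires only when every parameter in `combo` matches."""
    header = "alert {} {} {} -> {} {}".format(
        combo.get("proto", "tcp"),
        combo.get("src_ip", "any"), combo.get("src_port", "any"),
        combo.get("dst_ip", "any"), combo.get("dst_port", "any"))
    options = ['msg:"{}"'.format(combo.get("msg", "analyst-identified malicious traffic"))]
    for key, value in combo.items():
        if key in HEADER_KEYS:
            continue
        if key not in OPTION_KEYWORDS:
            # Refuse rather than drop a parameter: a rule missing one element
            # of the combination would match far more than the analyst saw.
            raise ValueError("unsupported metadata parameter: {}".format(key))
        options.append("{}; content:{}".format(OPTION_KEYWORDS[key], quote_content(value)))
    options.append("sid:{}; rev:{};".format(sid, rev))
    return "{} ({})".format(header, "; ".join(options))

def formulate_rules(combos, base_sid=1000001):
    """One rule per combination, with sequential sids from a local-use range."""
    return [formulate_rule(c, base_sid + i) for i, c in enumerate(combos)]

def provision_ids(rules, rules_path):
    """Configuring step: write the rules file the IDS loads (then reload the IDS)."""
    with open(rules_path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(rules) + "\n")
    return len(rules)

# Constructed sample input: two combinations an analyst might have flagged.
SAMPLE_COMBOS = [
    {"msg": "Analyst combo: host+uri", "dst_port": "80",
     "http_host": "evil.example", "http_uri": "/gate.php"},
    {"dst_port": "443", "tls_sni": "c2.example"},
]

if __name__ == "__main__":
    for rule in formulate_rules(SAMPLE_COMBOS):
        print(rule)
```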
