Asset model import connector
Abstract
An asset model import connector includes an interface to receive asset data from a data source and a normalize module. The normalize module determines an operation to be performed at a system based on the received asset data and determines code to perform the determined operation. The schema may be populated with attributes from the asset data, and sent to the system.
16 Claims
1. An asset model import connector comprising a hardware processor to:
- receive asset data from a data source, wherein the asset data describes an asset with a network interface;
- determine an operation to be performed at a security information and event management (SIEM) system different than the data source based on the received asset data and different than the asset model import connector comprising the hardware processor determining the operation, wherein the SIEM system stores security event data for a computer network and correlates the security event data with the received asset data;
- determine asset attributes from a schema to include in code to instruct the SIEM system to perform the operation;
- generate the code by populating the asset attributes in the code with values from the received asset data, the code including the determined operation to be performed at the SIEM system, the code executable at the SIEM system to perform the determined operation in relation to the asset data described by the asset attributes; and
- send the generated code to the SIEM system, the SIEM system performing the determined operation on the asset described by the received asset data having the value with which the asset attributes have been populated in the code.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory computer readable medium including machine readable instructions executable by a processor to:
- store a plurality of different code templates at an asset model import connector, wherein the code templates describe different operations to be performed on asset data stored at a security information and event management (SIEM) system that is external to the asset model import connector;
- receive asset data from a data source different than the SIEM system, wherein the received asset data describes an asset with a network interface, wherein the SIEM system stores security event data for a computer network and correlates the security event data with the received asset data;
- determine an operation to be performed on the asset data stored at the SIEM system based on the received asset data, the SIEM different than the processor determining the operation;
- select one of the plurality of code templates for the operation;
- generate code from the selected code template, wherein the code includes asset attributes from a schema used to store the asset data at the SIEM system, the code including the determined operation to be performed at the SIEM system, the code executable at the SIEM to perform the determined operation in relation to the asset data described by the asset attributes; and
- send the generated code to the SIEM system, the SIEM system performing the determined operation on the asset described by the received asset data associated with the asset attributes that have been included in the code.
Dependent claims: 11, 12, 13
14. A method of normalizing asset data at an asset model import connector, the method comprising:
- receiving asset data from a data source, wherein the asset data describes an asset with a network interface;
- determining an operation to be performed at a security information and event management (SIEM) system different than the data source based on the received asset data and different than the asset model import connector determining the operation, wherein the SIEM system stores security event data for a computer network and correlates the security event data with the received asset data;
- generating, by at least one hardware processor, code to instruct the SIEM system to perform the operation, wherein the code includes asset attributes from a schema, and the schema is used by the SIEM system to store data for assets, the code including the determined operation to be performed at the SIEM system, the code executable at the SIEM system to perform the determined operation in relation to the asset data described by the asset attributes;
- populating the asset attributes in the code with values from the received asset data; and
- sending the code with the populated asset values to the SIEM system, the SIEM system performing the determined operation on the asset described by the received asset data having the value with which the asset attributes have been populated in the code.
Dependent claims: 15, 16
Specification