Event integration frameworks

US 10,382,486 B2
Filed: 09/28/2012
Issued: 08/13/2019
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

by an event integration tool (“

EIT”

) implemented by computing hardware and configured to integrate information from a compliance and configuration control (“

CCC”

) tool with a security information and event management (“

SIEM”

) or logging tool, thereby providing a flexible output mechanism that allows a user or support engineer to customize the output from the CCC tool;

reading, by the EIT, output format configuration data defining a user-selected output format selected from multiple output formats;

inputting, by the EIT, first compliance data parsed from a compliance report generated by the CCC tool, the first compliance data indicating compliance results for one or more nodes in an information technology (“

IT”

) network relative to one or more compliance policies at a first time period;

determining, by the EIT, a compliance trend for the one or more nodes in the IT network by comparing the first compliance data to second compliance data from a previous compliance report, the second compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and

conditionally generating, by the EIT, an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from a compliance and configuration control (“CCC”) tool and generating information for a security information and event management (“SIEM”) tool based on the information from the CCC tool. For example, in one exemplary embodiment, information from a CCC tool is transferred to a SIEM tool or logging tool by receiving the information from the CCC tool in a format that is not recognized by the SIEM tool or logging tool, and generating an output message in a message format that is recognized by the SIEM tool or logging tool. In particular embodiments, the message format is a customizable message format that is adaptable to multiple different SIEM tools or logging tools. In further embodiments, the data transferred to the SIEM tool comprises data indicative of compliance policy changes.

67 Citations

View as Search Results

12 Claims

1. A computer-implemented method, comprising:
- by an event integration tool (“
  
  EIT”
  
  ) implemented by computing hardware and configured to integrate information from a compliance and configuration control (“
  
  CCC”
  
  ) tool with a security information and event management (“
  
  SIEM”
  
  ) or logging tool, thereby providing a flexible output mechanism that allows a user or support engineer to customize the output from the CCC tool;
  
  reading, by the EIT, output format configuration data defining a user-selected output format selected from multiple output formats;
  
  inputting, by the EIT, first compliance data parsed from a compliance report generated by the CCC tool, the first compliance data indicating compliance results for one or more nodes in an information technology (“
  
  IT”
  
  ) network relative to one or more compliance policies at a first time period;
  
  determining, by the EIT, a compliance trend for the one or more nodes in the IT network by comparing the first compliance data to second compliance data from a previous compliance report, the second compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and
  
  conditionally generating, by the EIT, an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the generating further comprises generating the output message in a message format adapted for the SIEM or logging tool.
  - 3. The method of claim 1, wherein the compliance results are provided by respective software agents that are running at the one or more nodes and that are configured to detect changes at the one or more nodes.
  - 4. The method of claim 1, wherein the compliance results comprise data identifying a name of a node that has changed and data identifying a name of a policy that detected the changed node.

5. One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to perform a method for integrating information from a compliance and configuration control (“
- CCC”
  
  ) tool with a security information and event management (“
  
  STEM”
  
  ) or logging tool using an event integration tool that provides a flexible output mechanism allowing a user or support engineer to customize the output from the CCC tool, the method comprising;
  
  reading output format configuration data defining a user-selected output format;
  
  inputting compliance data parsed from a compliance report generated by the CCC tool, the compliance data indicating compliance results for one or more nodes in an information technology (“
  
  IT”
  
  ) network relative to one or more compliance policies at a first time period;
  
  determining a compliance trend for one or more nodes in the IT network by comparing the compliance data to compliance data from a previous compliance report, the compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and
  
  conditionally generating an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period.
- View Dependent Claims (6, 7, 8)
- - 6. The one or more non-transitory computer-readable media of claim 5, wherein the generating further comprises generating the output message in a message format adapted for the STEM or logging tool.
  - 7. The one or more non-transitory computer-readable media of claim 5, wherein the compliance results are provided by respective software agents that are running at the one or more nodes and that are configured to detect changes at the one or more nodes.
  - 8. The one or more non-transitory computer-readable media of claim 5, wherein the compliance results comprise data identifying a name of a node that has changed and data identifying a name of a policy that detected the changed node.

9. A system, comprising:
- one or more processors; and
  
  one or more non-transitory computer-readable media storing computer-executable instructions which when executed by the one or more processors cause the one or more processors to perform a method for integrating information from a compliance and configuration control (“
  
  CCC”
  
  ) tool with a security information and event management (“
  
  STEM”
  
  ) or logging tool using an event integration tool that provides a flexible output mechanism allowing a user or support engineer to customize the output from the CCC tool, comprising;
  
  reading output format configuration data defining a user-selected output format;
  
  inputting compliance data parsed from a compliance report generated by the CCC tool, the compliance data indicating compliance results for one or more nodes in an information technology (“
  
  IT”
  
  ) network relative to one or more compliance policies at a first time period;
  
  determining a compliance trend for one or more nodes in the IT network by comparing the compliance data to compliance data from a previous compliance report, the compliance data from the previous compliance report indicating the compliance status of the one or more nodes in the IT network at a second earlier time period that is previous to and different from the first time period; and
  
  conditionally generating an output message for the SIEM or logging tool according to the user-selected setting output format, the generating being performed only when (a) the compliance trend is less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period, and (b) the user-selected setting indicates a conditional reporting mode in which output messages are generated only if the compliance trend indicates that the one or more nodes are less compliant in the compliance report for the first time period than indicated by the previous compliance report for the second earlier time period.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein the generating further comprises generating the output message in a message format adapted for the STEM or logging tool.
  - 11. The system of claim 9, wherein the compliance results are provided by respective software agents that are running at the one or more nodes and that are configured to detect changes at the one or more nodes.
  - 12. The system of claim 9, wherein the compliance results comprise data identifying a name of a node that has changed and data identifying a name of a policy that detected the changed node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
Tripwire Incorporated (Belden Inc.)
Inventors
Rivers, Stephen
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Lakhia, Viral S

Application Number

US13/631,611
Publication Number

US 20140096181A1
Time in Patent Office

2,510 Days
Field of Search

726 1, 726 30, 726 3, 709225, 709226
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/604   Tools and structures for ma...

H04L 63/20   for managing network securi...

Event integration frameworks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Event integration frameworks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links