System and method for managing security events on a network
Abstract
A computer-implemented system for managing security event data collected from a computing network. The system employs an event managing software module that can reside on a computing network that is being monitored with security devices. The event managing software collects security event data from security devices located in the monitored computing network and can process the security event data. In processing the security event data, the event manager module can format the data and create manageable summaries of the data. The event manager also supports storage of the security event data and the results of any processing performed on the data. Security event data can be identified by the event manager for use in responding to a security event.
347 Citations
25 Claims
1. A method for gathering security event data and rendering result data in a manageable format, the method comprising the steps of:
- a plurality of security devices generating security event data comprising a plurality of alerts in response to detecting a security event in a distributed computing environment, the security devices being logically coupled to a computer having a display;
- the computer presenting a user interface via the display for configuring an event data report that identifies a portion of the security event data;
- the computer receiving a selection via the user interface of one or more user-configurable variables operable for filtering the security event data, the user-configurable variables comprising at least one of a location of a security event, a source of a security event, and a destination address of a security event;
- the computer collecting the security event data generated by the plurality of security devices;
- the computer filtering the collected security event data using the one or more user-configurable variables to produce result data for the event data report, the filtering comprising passing collected security event data that matches the user-configurable variables as result data while blocking collected security event data that does not match the user-configurable variables from the result data;
- the computer transmitting the result data to one or more clients; and
- the one or more clients displaying the event data report comprising the result data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for managing security event data collected from a plurality of security devices in a distributed computing environment, the method comprising the steps of:
- a plurality of security devices generating security event data in response to detecting a security event in a distributed computing environment, the security event data comprising a plurality of alerts;
- the security devices sending the security event data to a computer coupled to a display;
- the computer presenting a user interface via the display for configuring an event data report that identifies a portion of the security event data;
- the computer receiving a selection via the user interface of one or more user-configurable variables operable for filtering the security event data, the user-configurable variables comprising at least one of a security event type, a priority of a security event, and an identification of a system that detected a security event;
- the computer filtering the security event data using the one or more user-configurable variables to produce result data for the event data report, the filtering comprising passing security event data that matches the user-configurable variables as result data while blocking security event data that does not match the user-configurable variables from the result data; and
- the computer displaying via the display the event data report and the result data comprising filtered alerts based on the user-configurable variables.
Dependent claims: 10, 11, 12, 13, 14, 15.

16. A computer program product for gathering security event data and rendering result data in a manageable format, the computer program product comprising:
- a computer-readable tangible storage device and computer-readable program code stored thereon, the computer-readable program code comprising:
- computer-readable program code to receive security event data from a plurality of security devices, the security event data comprising a plurality of alerts in response to detecting a security event in a distributed computing environment;
- computer-readable program code to present a user interface via a display for configuring an event data report that identifies a portion of the security event data;
- computer-readable program code to receive a selection via the user interface of one or more user-configurable variables operable for filtering the security event data, the user-configurable variables comprising at least one of a location of a security event, a source of a security event, and a destination address of a security event;
- computer-readable program code to filter the received security event data using the one or more user-configurable variables to produce result data for the event data report, the filtering comprising passing received security event data that matches the user-configurable variables as result data while blocking received security event data that does not match the user-configurable variables from the result data; and
- computer-readable program code to display the event data summary comprising the result data.
Dependent claims: 17, 18, 19, 20.

21. A computer program product for managing security event data collected from a plurality of security devices in a distributed computing environment, the computer program product comprising:
- a computer-readable tangible storage device and computer-readable program code stored thereon, the computer-readable program code comprising:
- computer-readable program code to receive security event data from a plurality of security devices in response to detecting a security event in a distributed computing environment, the security event data comprising a plurality of alerts;
- computer-readable program code to present a user interface via a display for configuring an event data report that identifies a portion of the security event data;
- computer-readable program code to receive a selection via the user interface of one or more user-configurable variables operable for filtering the security event data, the user-configurable variables comprising at least one of a security event type, a priority of a security event, and an identification of a system that detected a security event;
- computer-readable program code to filter the received security event data using the one or more user-configurable variables to produce result data for the event data report, the filtering comprising passing received security event data that matches the user-configurable variables as result data while blocking received security event data that does not match the user-configurable variables from the result data; and
- computer-readable program code to display the event data report and the result data comprising filtered alerts based on the selected variables.
Dependent claims: 22, 23, 24, 25.
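The collect, filter and report procedure that independent claims 1, 9, 16 and 21 describe, as an added example that is not part of the patent or of any product implementing it. The alert schema, the device names, the addresses and the sample feeds are constructed for illustration; the user-configurable variables are the six the claims name (location, source and destination from claim 1; event type, priority and detecting system from claim 9).

```python
from collections import Counter
from dataclasses import dataclass
@dataclass(frozen=True)
class Alert:
    """One alert from a security device; the field set is a constructed schema."""
    detected_by: str   # identification of the detecting system (claim 9)
    event_type: str    # security event type (claim 9)
    priority: int      # 1 = highest priority (claim 9)
    location: str      # location of the event, e.g. a network zone (claim 1)
    source: str        # source address of the event (claim 1)
    destination: str   # destination address of the event (claim 1)

ReportConfig = dict[str, set]  # variable name -> accepted values; unset variables do not filter

# Constructed sample feeds from three devices (not real data).
FEEDS = {
    "fw-edge": [{"event_type": "port_scan", "priority": 2, "location": "dmz",
                 "source": "203.0.113.7", "destination": "192.0.2.10"},
                {"event_type": "policy_deny", "priority": 4, "location": "dmz",
                 "source": "198.51.100.3", "destination": "192.0.2.20"}],
    "ids-core": [{"event_type": "port_scan", "priority": 1, "location": "core",
                  "source": "203.0.113.7", "destination": "192.0.2.30"}],
    "av-host": [{"event_type": "malware", "priority": 1, "location": "core",
                 "source": "192.0.2.30", "destination": "192.0.2.30"}],
}

def collect(feeds: dict[str, list[dict]]) -> list[Alert]:
    """Gather the event data of every device into one list of Alerts."""
    return [Alert(detected_by=dev, **raw) for dev, raws in feeds.items() for raw in raws]

def matches(alert: Alert, config: ReportConfig) -> bool:
    """An alert passes only if every configured variable accepts its value."""
    return all(getattr(alert, var) in accepted for var, accepted in config.items())

def filter_events(alerts: list[Alert], config: ReportConfig) -> list[Alert]:
    """Pass matching alerts as result data; block all others from the report."""
    unknown = set(config) - set(Alert.__dataclass_fields__)
    if unknown:  # a misspelled variable must fail loudly, not silently pass everything
        raise ValueError(f"unknown report variables: {sorted(unknown)}")
    return [a for a in alerts if matches(a, config)]

def summarize(result: list[Alert]) -> dict[str, Counter]:
    """Manageable summary of the result data: counts by event type and by priority."""
    return {"by_type": Counter(a.event_type for a in result),
            "by_priority": Counter(a.priority for a in result)}

def run_report(config: ReportConfig) -> tuple[list[Alert], dict[str, Counter]]:
    """Collect, filter and summarize: the result data and summary for one report."""
    result = filter_events(collect(FEEDS), config)
    return result, summarize(result)
```

A report configured with an empty set for a variable passes nothing for it, which is the intended reading of the pass-or-block rule; `run_report({})` applies no filter and returns every collected alert.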
Specification