Rule-based network-threat detection

CAFC
  • US 9,413,722 B1
  • Filed: 09/15/2015
  • Issued: 08/09/2016
  • Est. Priority Date: 04/17/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, by a packet-filtering device, a plurality of packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to at least one of a plurality of network-threat indicators;
  • receiving, by the packet-filtering device, a plurality of packets, wherein the plurality of packets comprises a first packet and a second packet;
  • responsive to a determination by the packet-filtering device that the first packet satisfies one or more criteria, specified by a packet-filtering rule of the plurality of packet-filtering rules, that correspond to one or more network-threat indicators of the plurality of network-threat indicators:
      • applying, by the packet-filtering device and to the first packet, an operator specified by the packet-filtering rule and configured to cause the packet-filtering device to allow the first packet to continue toward a destination of the first packet;
      • communicating, by the packet-filtering device, information from the packet-filtering rule that identifies the one or more network-threat indicators, and data indicative that the first packet was allowed to continue toward the destination of the first packet;
      • causing, by the packet-filtering device and in an interface, display of the information in at least one portion of the interface corresponding to the packet-filtering rule and the one or more network-threat indicators;
  • receiving, by the packet-filtering device, an instruction generated in response to a user invoking an element in the at least one portion of the interface corresponding to the packet-filtering rule and the one or more network-threat indicators; and
  • responsive to receiving the instruction:
      • modifying, by the packet-filtering device, at least one operator specified by the packet-filtering rule to reconfigure the packet-filtering device to prevent packets corresponding to the one or more criteria from continuing toward their respective destinations; and
      • responsive to a determination by the packet-filtering device that the second packet corresponds to the one or more criteria:
          • preventing, by the packet-filtering device, the second packet from continuing toward a destination of the second packet;
          • communicating, by the packet-filtering device, data indicative that the second packet was prevented from continuing toward the destination of the second packet; and
          • causing, by the packet-filtering device and in the interface, display of the data indicative that the second packet was prevented from continuing toward the destination of the second packet.
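The claimed sequence in miniature, as an added Python example that is not code from the patent or its assignee: rules carry threat indicators, an "allow" operator still reports the match, an instruction from the interface flips the operator, and the next matching packet is blocked and reported. The rule id, the indicator value (a TEST-NET-3 address) and the packet fields are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    rule_id: str
    indicators: set          # constructed network-threat indicators (here: IPs)
    operator: str = "allow"  # "allow" lets traffic through but still reports it

@dataclass
class PacketFilter:
    rules: list
    log: list = field(default_factory=list)  # what the device "communicates" to the interface

    def match(self, pkt):
        """Return the first rule whose indicators the packet satisfies, else None."""
        for rule in self.rules:
            if pkt["src"] in rule.indicators or pkt["dst"] in rule.indicators:
                return rule
        return None

    def process(self, pkt):
        rule = self.match(pkt)
        if rule is None:
            return "forwarded"                       # no indicator hit, nothing to report
        hit = sorted(rule.indicators & {pkt["src"], pkt["dst"]})
        if rule.operator == "allow":
            # Allowed, but the rule id, matched indicators and disposition are reported.
            self.log.append({"rule": rule.rule_id, "indicators": hit,
                             "action": "allowed", "dst": pkt["dst"]})
            return "forwarded"
        self.log.append({"rule": rule.rule_id, "indicators": hit,
                         "action": "blocked", "dst": pkt["dst"]})
        return "dropped"

    def apply_instruction(self, rule_id):
        """Instruction from the interface element tied to rule_id: allow -> block."""
        for rule in self.rules:
            if rule.rule_id == rule_id:
                rule.operator = "block"
                return True
        return False

def demo():
    pf = PacketFilter(rules=[Rule("r1", {"203.0.113.7"})])   # constructed rule and indicator
    first = {"src": "192.0.2.10", "dst": "203.0.113.7"}       # constructed packets
    second = {"src": "192.0.2.11", "dst": "203.0.113.7"}
    r1 = pf.process(first)              # allowed, but the match is reported
    pf.apply_instruction("r1")          # user invokes the "block" element for r1
    r2 = pf.process(second)             # now prevented and reported
    return r1, r2, pf.log
```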
