US2006021021A1PendingUtilityA1
Security event data normalization
Est. expiryJun 8, 2024(expired)· nominal 20-yr term from priority
Inventors:Rajesh Patel
H04L 63/20H04L 43/00H04L 41/069H04L 41/0226H04L 67/565
45
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Normalizing security event data from multiple different network agents. The data from the multiple different agents is categorized and tagged with a descriptor that includes information about the nature of the event. Multiple different events from multiple different devices can therefore be evaluated using a common format which is common for the multiple different devices from different vendors.
Claims
exact text as granted — not AI-modified1 . A method, comprising:
receiving a packet from a network security agent indicating a network event; converting the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and using the security event tag to represent the event in place of the packet.
2 . A method as in claim 1 , further comprising determining if the packet is from a registered device.
3 . A method as in claim 1 , wherein the network security agent is one of a firewall, a network intrusion system, a router, or a virtual private network.
4 . A method as in claim 1 , wherein the security event tag has common fields for the same event from different agents.
5 . A method as in claim 1 , wherein the security event tag represents at least an IP address, at least one port, and at least one signature identifier.
6 . A system, comprising:
A port that receives a packet from a network security agent indicating a network event; A processing engine operating to convert the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and A security monitoring system that uses the security event tag to represent the event in place of the packet.
7 . A system as in claim 6 , further comprising the network security agent.
8 . A system as in claim 7 , wherein said network security agent is one of a firewall, a network intrusion system, a router, or a virtual private network.
9 . A method as in claim 6 , wherein the security event tag has common fields for the same event from different agents.
10 . A method as in claim 9 , wherein the security event tag represents at least an IP address, at least one port, and at least one signature identifier.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.