US2006021021A1PendingUtilityA1

Security event data normalization

45
Assignee: PATEL RAJESHPriority: Jun 8, 2004Filed: Jun 8, 2005Published: Jan 26, 2006
Est. expiryJun 8, 2024(expired)· nominal 20-yr term from priority
Inventors:Rajesh Patel
H04L 63/20H04L 43/00H04L 41/069H04L 41/0226H04L 67/565
45
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Normalizing security event data from multiple different network agents. The data from the multiple different agents is categorized and tagged with a descriptor that includes information about the nature of the event. Multiple different events from multiple different devices can therefore be evaluated using a common format which is common for the multiple different devices from different vendors.

Claims

exact text as granted — not AI-modified
1 . A method, comprising: 
 receiving a packet from a network security agent indicating a network event;    converting the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and    using the security event tag to represent the event in place of the packet.    
   
   
       2 . A method as in  claim 1 , further comprising determining if the packet is from a registered device.  
   
   
       3 . A method as in  claim 1 , wherein the network security agent is one of a firewall, a network intrusion system, a router, or a virtual private network.  
   
   
       4 . A method as in  claim 1 , wherein the security event tag has common fields for the same event from different agents.  
   
   
       5 . A method as in  claim 1 , wherein the security event tag represents at least an IP address, at least one port, and at least one signature identifier.  
   
   
       6 . A system, comprising: 
 A port that receives a packet from a network security agent indicating a network event;    A processing engine operating to convert the packet to a security event tag that represents information indicative of the event and information indicative of a type of agent which detected the event; and    A security monitoring system that uses the security event tag to represent the event in place of the packet.    
   
   
       7 . A system as in  claim 6 , further comprising the network security agent.  
   
   
       8 . A system as in  claim 7 , wherein said network security agent is one of a firewall, a network intrusion system, a router, or a virtual private network.  
   
   
       9 . A method as in  claim 6 , wherein the security event tag has common fields for the same event from different agents.  
   
   
       10 . A method as in  claim 9 , wherein the security event tag represents at least an IP address, at least one port, and at least one signature identifier.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.