US2011173359A1PendingUtilityA1

Computer-implemented method and system for security event transport using a message bus

43
Assignee: NOVELL INCPriority: Jul 15, 2005Filed: Mar 1, 2011Published: Jul 14, 2011
Est. expiryJul 15, 2025(expired)· nominal 20-yr term from priority
G06F 9/542G06F 2209/544
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.

Claims

exact text as granted — not AI-modified
1 . A computer-implemented device for providing security events from publishers to subscribers, comprising:
 a message bus, configured to contain a plurality of security events;   a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers;   a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus; and   a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.   
     
     
         2 . The device of  claim 1 , wherein the message bus further includes a plurality of queues, each of the queues corresponding to a different priority, the priority being user-defined, wherein each of the security events is associated with a priority, and wherein the queue unit queues each security event in the corresponding queue. 
     
     
         3 . The device of  claim 1 , wherein the message bus includes a plurality of channels, each of the channels corresponding to partitioned bandwidth reserved in the message bus responsive to predefined types of at least one of security events, aggregated security events, and security information; and wherein the queue unit queues the at least one of security events, aggregated security events, and security information in the corresponding channel. 
     
     
         4 . The device of  claim 1 , further comprising a meter, responsive to the security events in the message bus, to dynamically determine metrics of the security events in the message bus and to provide the metrics for further use. 
     
     
         5 . The device of  claim 1 , wherein the at least one publisher includes a plurality of collectors, each of the collectors collecting data from security components and, responsive to the data, providing the security events to the receiver unit. 
     
     
         6 . The device of  claim 1 , wherein the receiver unit further receives vulnerability data, determines security events and non-security events in the message bus corresponding thereto, and associates the vulnerability data with corresponding security events and non-security events. 
     
     
         7 . The device of  claim 1 , wherein the receiver unit further enriches the security events in the message bus by associating at least one of taxonomy, detection information, and business relevance information with at least some of the security events in the message bus. 
     
     
         8 . A computer-implemented method for processing security events, comprising: receiving a plurality of security events from at least one publisher;
 queuing the plurality of security events in a message bus, responsive to receipt of the security events; and   transporting, by a computer, the plurality of security events in the message bus to a plurality of subscribers.   
     
     
         9 . The method of  claim 8 , wherein there are provided a plurality of queues in the message bus, each of the queues corresponding to a priority, the priority being user-defined, wherein each of the security events is associated with a priority, and wherein each security event is queued in the corresponding queue. 
     
     
         10 . The method of  claim 8 , wherein the message bus comprises a plurality of channels, each of the channels corresponding to bandwidth which is partitioned and reserved in the message bus responsive to predefined types of at least one of security events, aggregated security events, and security information. 
     
     
         11 . The method of  claim 8 , further comprising dynamically determining metrics of the security events in the message bus, responsive to the security events therein; and providing the metrics for further use. 
     
     
         12 . The method of  claim 8 , wherein the at least one publisher includes a plurality of collectors, each of the collectors collecting data from security components and, responsive to the data, providing the security events to be queued. 
     
     
         13 . The method of  claim 8 , further comprising receiving vulnerability data, determining security events in the message bus corresponding thereto, and associating the vulnerability data with corresponding events. 
     
     
         14 . The method of  claim 8 , further comprising providing a dynamic display representative of the security events in the message bus. 
     
     
         15 . The method of  claim 8 , further comprising enriching the security events in the message bus by associating at least one of taxonomy, detection information, and business relevance information with at least some of the security events in the message bus. 
     
     
         16 . A computer readable medium comprising instructions for execution by a computer, the instructions including a computer-implemented method for processing security events, the instructions for implementing the steps of:
 receiving a plurality of security events from a plurality of publishers;   queuing the plurality of security events in a message bus, responsive to receipt of thereof; and   transporting the plurality of security events on the message bus to a plurality of subscribers.   
     
     
         17 . The computer readable medium of  claim 16 ,
 wherein there are provided a plurality of queues in the message bus, each of the queues corresponding to a different priority;   wherein each of the security events is associated with a priority; and   
       further comprising instructions for queuing each security event in the corresponding queue. 
     
     
         18 . The computer readable medium of  claim 16 ,
 wherein the message bus comprises a plurality of channels, each of the channels corresponding to bandwidth reserved in the message bus responsive to predefined types of at least one of security events, aggregated security events, and security information; and   further comprising instructions for queuing the at least one of security events, aggregated security events, and security information in the corresponding channel.   
     
     
         19 . The computer readable medium of  claim 16 , further comprising instructions for dynamically determining metrics of the security events in the message bus, responsive to the security events therein; and
 providing the metrics for further use.   
     
     
         20 . The computer readable medium of  claim 16 ,
 wherein the plurality of publishers includes a plurality of collectors; and   further comprising instructions corresponding to each of the collectors for collecting data from security components and, responsive to the data, providing the security events to be queued.   
     
     
         21 . The computer readable medium of  claim 16 , further comprising instructions for receiving vulnerability data, determining security events in the message bus corresponding thereto, and associating the vulnerability data with corresponding security events. 
     
     
         22 . The computer readable medium of  claim 16 , further comprising instructions for providing a dynamic display representative of the security events in the message bus. 
     
     
         23 . The computer readable medium of  claim 16 , further comprising instructions for enriching the security events in the message bus by associating at least one of taxonomy, detection information, and business relevance information with at least some of the security events in the message bus.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.