Invention Application
WO2008052133A2 TRACKING CHANGING STATE DATA TO ASSIST IN COMPUTER NETWORK SECURITY
审中-公开
跟踪更改状态数据以协助计算机网络安全
- Patent Title: TRACKING CHANGING STATE DATA TO ASSIST IN COMPUTER NETWORK SECURITY
- Patent Title (中): 跟踪更改状态数据以协助计算机网络安全
-
Application No.: PCT/US2007/082560Application Date: 2007-10-25
-
Publication No.: WO2008052133A2Publication Date: 2008-05-02
- Inventor: SINGLA, Anurag , SAURABH, Kumar , TIDWELL, Kenny, C.
- Applicant: ARCSIGHT, INC. , SINGLA, Anurag , SAURABH, Kumar , TIDWELL, Kenny, C.
- Applicant Address: 5 Results Way Cupertino, CA 95014 US
- Assignee: ARCSIGHT, INC.,SINGLA, Anurag,SAURABH, Kumar,TIDWELL, Kenny, C.
- Current Assignee: ARCSIGHT, INC.,SINGLA, Anurag,SAURABH, Kumar,TIDWELL, Kenny, C.
- Current Assignee Address: 5 Results Way Cupertino, CA 95014 US
- Agency: TRUESDALE, Sabra-Anne
- Priority: US60/862,932 20061025; US11/923,502 20071024
- Main IPC: G06F17/30
- IPC: G06F17/30
Abstract:
A session table includes one or more records, where each record represents a session. Session record information is stored in various fields, such as key fields, value fields, and timestamp fields. Session information is described as keys and values in order to support query/lookup operations. A session table is associated with a filter, which describes a set of keys that can be used for records in that table. A session table is populated using data contained in security information/events. Rules are created to identify events related to session information, extract the session information, and use the session information to modify a session table. A session table is partitioned so that the number of records in each session table partition is decreased. A session table is processed periodically so that active sessions are moved to the current partition.
Information query
