Abstract:
A method and system for maintaining a self-updating security information repository. A plurality of types of security information are stored in a corresponding plurality of information storage units, such as database tables. A plurality of configuration files respectively associated with the information storage units are stored, and each configuration file includes update parameters of the associated information storage unit. Each information storage unit is periodically automatically updated based on its update parameters. The information storage units can be searched to return security information of different types in one search.
Abstract:
Method and apparatus for processing log data produced by a network is described. In one example, entries in the log data are filtered using a plurality of filters to select first entries from the entries. The first entries are filtered using a plurality of false positive filters associated with the plurality of filters to select second entries from the first entries. Unique IP addresses are identified in the second entries. The entries in the log data are then filtered using the unique IP addresses to select third entries. The third entries are analyzed to detect one or more patterns.
Abstract:
A method of operating an appliance in a communication network includes receiving policy information associated with at least one network access account from a responsible party associated with the account, the policy information restricting and/or expanding allowable use of the communication network, and controlling access to the communication network based on the received policy information.
Abstract:
A method and apparatus for generating a reconnaissance index for a communications network is described. In one embodiment, scan detection data is initially received. A number of scan flows and a number of unique source Internet protocol (SIP) addresses initiating said number of scan flows is then identified from said scan detection data. Afterwards, a reconnaissance index is generated by utilizing said number of scan flows and said number of unique SIP addresses.