Abstract:
Systems and methods for correlating log messages into actionable incidents. Some embodiments implement a method which includes comparing a plurality of disparate log messages to a plurality of incident descriptions. The disparate log messages can be parsed. When the messages correlate with an incident description an incident case can be created. Workflow steps can be associated with the incident case and output along with the incident case. Additional disparate log messages can be compared to the incident expressions and, when additional messages correlate with the correlated incident description, the incident case can be adjusted. In some embodiments, the adjustment can include adding workflow steps to the incident case. Results of various workflow steps can be monitored and adjustments can be made accordingly. In some embodiments, the results can include out-of-bounds activities.
Abstract:
An appliance is co-located on a network with computing devices. Log messages generated by the computing devices are collected by the appliance, filtered based on the content and stored in transmission priority queues based on the content. The appliance packetizes the log messages based on the transmission priority queue and the available bandwidth and compresses the packet. The appliance encrypts the packet, digitally signs the encrypted packet and sends the packet to a first data center over a public network. The first data center stores the packet in reliable storage and performs processing on the data. A copy of the packet is sent to a second data center that stores the copy and performs processing on the copied data. The appliance deletes the packet from its buffer after it has received acknowledgement that the second data center has received the packet.
Abstract:
A method for measuring and determining the duplex modes of a network interface. The method assumes the network interface to be operating in a half-duplex mode until the bandwidth utilization reaches a threshold. When the threshold is reached, the method checks the traffic collision in the interface. If there is no collision, then the duplex mode is determined to be full-duplex. If there is collision, then the duplex mode is determined to be half-duplex and an alarm is set off. In another embodiment, the interface type is determined through SNMP. If the interface is a WAN interface, then the interface is determined to be full-duplex.
Abstract:
A log message collection system selects a configured host and fetches a log message. The log message collection system examines the fetched message to identify one or more DLLs necessary to translate the log message and determines whether the necessary DLL(s) have been loaded into a cache. If so, the log message is translated. If the DLLs are not in the cache, the log message collection system fetches from the log message host only the DLLs necessary to translate that fetched message. After the message is translated, the log message collection system fetches the next log message, identifies the necessary DLLs for that log message, and fetches the DLLs necessary to translate that message.
Abstract:
A Web Services availability cache is part of a computer system, such as an enterprise system of a business or organization. The availability cache is populated with information from Web Services communicatively connected to the computer system by a network connection. In one embodiment, the availability cache is populated based on each request handled by a server process associated with the availability cache. A server receives a request from a client having an application dependent upon information from the Web Service. The server sends the request to the Web Service and stores returned information in the availability cache. Also, the server sends the returned information to the client, which initiated the request. Once the cache is populated, the server handles subsequent requests for information from the client by using the Web Service if it is available or by using the availability cache if the Web Service is not available.
Abstract:
Methods and systems for normalizing log messages. Some methods include obtaining a freeform log message from one of many disparate programs. The methods can include determining which program originated the message and, based on that, determining a signature which matches the message. Using the signature, a parsing expression may be determined with which to extract information from a portion of the message. The time from obtaining the message to extracting the information can be about the same for all messages and can be about 1/40,000th of a second. In some embodiments, a generic signature of the message may be output. A version of the message may be reconstructed based on the generic signature and information. When more than one message signature matches the reconstructed message, one of the matching signatures can be adjusted. The parsing expression can be the first of an ordered list of expressions which successfully evaluates the log message.