Threat detection in a network security system
    1.
    Granted invention patent
    Threat detection in a network security system (in force)

    Publication number: US07861299B1

    Publication date: 2010-12-28

    Application number: US11836251

    Filing date: 2007-08-09

    IPC classification: G06F11/00

    Abstract: A network security system is provided that receives information from various sensors and can analyze the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.


    Threat detection in a network security system
    2.
    Granted invention patent
    Threat detection in a network security system (in force)

    Publication number: US07260844B1

    Publication date: 2007-08-21

    Application number: US10655062

    Filing date: 2003-09-03

    IPC classification: G06F11/00

    Abstract: A network security system is provided that receives information from various sensors and can analyse the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.


    Pattern discovery in a network system
    3.
    Granted invention patent
    Pattern discovery in a network system (in force)

    Publication number: US07984502B2

    Publication date: 2011-07-19

    Application number: US12243838

    Filing date: 2008-10-01

    IPC classification: G06F7/04 G06F12/14 H04L9/00

    CPC classification: H04L63/1416 G06F21/552

    Abstract: Patterns can be discovered in events collected by a network system. In one embodiment, the present invention includes collecting and storing events from a variety of monitor devices. In one embodiment, a subset of the stored events is provided to a manager as an event stream. In one embodiment, the present invention further includes the manager discovering one or more previously unknown event patterns in the event stream.


    Log data analysis
    5.
    Granted invention patent
    Log data analysis (in force)

    Publication number: US09262519B1

    Publication date: 2016-02-16

    Application number: US13489267

    Filing date: 2012-06-05

    IPC classification: G06F17/30

    Abstract: Analyzing log data, such as security log data and event data, is disclosed. Log data is received. Portions of the log data are clustered into clusters of similar data portions. A signature for each cluster is generated. Comparison of subsequent log data with the signature indicates whether the subsequent log data belongs in the cluster.


    Selective structure preserving obfuscation
    6.
    Granted invention patent
    Selective structure preserving obfuscation (in force)

    Publication number: US08862537B1

    Publication date: 2014-10-14

    Application number: US13174003

    Filing date: 2011-06-30

    IPC classification: G06F17/30

    Abstract: Obfuscating data is disclosed. A processor identifies structured information in log data. The structured information is transformed in a manner that preserves the structure to form transformed raw data. The transformed raw data is sent to a remote analysis engine. The remote analysis engine receives a query and responds to the query by providing as results at least a portion of the transformed raw data. A processor is configured to de-transform the transformed raw data.


    Data collection and transmission
    7.
    Granted invention patent
    Data collection and transmission (in force)

    Publication number: US08983912B1

    Publication date: 2015-03-17

    Application number: US13173882

    Filing date: 2011-06-30

    IPC classification: G06F17/30

    Abstract: Data collection and transmission is disclosed. A server is configured to receive, from a remote device, a message including raw information, and to parse at least a portion of the received raw information. The raw information is received by the system from an information reporting module interface of the remote device. The information reporting module of the remote device is configured to receive information from at least one separately installed information reporting module. A client device includes an information reporting module interface and a server interface. The client device is configured to receive configuration information from a remote server.


    CLOSTRIDIUM BOTULINUM CONTROL IN MIDLY PROCESSED REFRIGERATED FOOD PRODUCTS
    9.
    Invention patent application
    CLOSTRIDIUM BOTULINUM CONTROL IN MIDLY PROCESSED REFRIGERATED FOOD PRODUCTS (under examination, published)

    Publication number: US20150140186A1

    Publication date: 2015-05-21

    Application number: US14540516

    Filing date: 2014-11-13

    Abstract: The protection of low-acid, high moisture and/or high water activity processed food products against outgrowth of Clostridium botulinum. It was surprisingly found that combinations of propionic acid and/or a salt thereof with nisin are very effective in preventing Clostridium botulinum outgrowth. In certain embodiments, cinnamic acid and/or a salt thereof can be added to these combinations to give particularly good results. These combinations provide a preservative system that is particularly effective against Clostridium botulinum outgrowth. The use of these preservative systems in food products that are conducive to Clostridium botulinum outgrowth. The food products including these preservative systems and the methods of producing them.


    Automatic parser generation
    10.
    Granted invention patent
    Automatic parser generation (in force)

    Publication number: US08930380B1

    Publication date: 2015-01-06

    Application number: US13174208

    Filing date: 2011-06-30

    IPC classification: G06F17/30

    Abstract: Automatically generating a parser is disclosed. Raw data is received from a first remote device. A determination that the raw data does not, within a predefined confidence measure, conform to any rules included in a set of rules is made. A clustering function is performed on the raw data. At least one parser rule is generated based on the clustering.
