公开(公告)号：US20100198636A1

公开(公告)日：2010-08-05

申请号：US12424428

申请日：2009-04-15

申请人： Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Pattabiraman Srinivasan

发明人： Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Pattabiraman Srinivasan

IPC分类号： G06Q10/00 ,  G06Q50/00 ,  G06F21/00

CPC分类号： H04L63/1433 ,  G06F21/552 ,  G06F21/554 ,  G06Q10/06 ,  G06Q10/0635

摘要： Described herein is a system and method for auditing governance, risk, and compliance using an event correlation architecture. In particular, the event correlation architecture may include a solution designer for defining a solution pack that enforces one or more specific governance, risk, or compliance controls, and a solution manager for deploying the solution pack within the event correlation architecture to configure the architecture for enforcement of the one or more controls. Thus, a collection of content defined in the solution pack may be used to enrich one or more events received at the event correlation architecture, and a correlation engine may then correlate the events using the content in the solution pack to enforce the one or more governance, risk, or compliance controls.

摘要翻译： 这里描述的是使用事件关联体系结构来审计治理，风险和合规性的系统和方法。 特别地，事件关联体系结构可以包括用于定义强制执行一个或多个特定治理，风险或合规性控制的解决方案包的解决方案设计者，以及用于在事件关联体系结构内部署解决方案包的解决方案管理器， 执行一个或多个控件。 因此，可以使用解决方案包中定义的内容的集合来丰富在事件相关架构处接收到的一个或多个事件，然后相关引擎可以使用解决方案包中的内容来关联事件以执行一个或多个治理 ，风险或合规控制。

公开(公告)号：US10057285B2

公开(公告)日：2018-08-21

申请号：US12424428

申请日：2009-04-15

申请人： Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Pattabiraman Srinivasan

发明人： Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Pattabiraman Srinivasan

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06Q10/06

CPC分类号： H04L63/1433 ,  G06F21/552 ,  G06F21/554 ,  G06Q10/06 ,  G06Q10/0635

摘要： Described herein is a system and method for auditing governance, risk, and compliance using an event correlation architecture. In particular, the event correlation architecture may include a solution designer for defining a solution pack that enforces one or more specific governance, risk, or compliance controls, and a solution manager for deploying the solution pack within the event correlation architecture to configure the architecture for enforcement of the one or more controls. Thus, a collection of content defined in the solution pack may be used to enrich one or more events received at the event correlation architecture, and a correlation engine may then correlate the events using the content in the solution pack to enforce the one or more governance, risk, or compliance controls.

公开(公告)号：US08966392B2

公开(公告)日：2015-02-24

申请号：US13219843

申请日：2011-08-29

申请人： John Melvin Antony ,  Paul Apostolescu ,  Pattabiraman Srinivasan ,  Prathap Adusumilli ,  Usman Choudhary

发明人： John Melvin Antony ,  Paul Apostolescu ,  Pattabiraman Srinivasan ,  Prathap Adusumilli ,  Usman Choudhary

IPC分类号： G09G5/14 ,  G05B19/418 ,  G05B23/02 ,  H04L29/06

CPC分类号： G05B19/41875 ,  G05B23/024 ,  H04L63/1408

摘要： Apparatus, systems, and methods may operate to generate a reference statistical model of an operating system, such as a computer system, and display the reference statistical model as a hierarchical, segmented time series event stream graph, along with a graph representing current behavior of the system. The event stream graph may be derived from one or more streams of security events. Additional operations may include receiving requests to display further detail respecting discrepancies between the reference statistical model and the current behavior. Other apparatus, systems, and methods are disclosed.

摘要翻译： 装置，系统和方法可以操作以产生诸如计算机系统的操作系统的参考统计模型，并且将参考统计模型显示为分层的，分段的时间序列事件流图，以及表示当前行为的图 系统。 事件流图可以从一个或多个安全事件流导出。 附加操作可以包括接收关于参考统计模型和当前行为之间的差异的进一步细节的请求。 公开了其他装置，系统和方法。

公开(公告)号：US20130055145A1

公开(公告)日：2013-02-28

申请号：US13219843

申请日：2011-08-29

申请人： John Melvin Antony ,  Paul Apostolescu ,  Pattabiraman Srinivasan ,  Prathap Adusumilli ,  Usman Choudhary

发明人： John Melvin Antony ,  Paul Apostolescu ,  Pattabiraman Srinivasan ,  Prathap Adusumilli ,  Usman Choudhary

IPC分类号： G06F3/048

CPC分类号： G05B19/41875 ,  G05B23/024 ,  H04L63/1408

摘要： Apparatus, systems, and methods may operate to generate a reference statistical model of an operating system, such as a computer system, and display the reference statistical model as a hierarchical, segmented time series event stream graph, along with a graph representing current behavior of the system. The event stream graph may be derived from one or more streams of security events. Additional operations may include receiving requests to display further detail respecting discrepancies between the reference statistical model and the current behavior. Other apparatus, systems, and methods are disclosed.

摘要翻译： 设备，系统和方法可以操作以产生诸如计算机系统的操作系统的参考统计模型，并且将参考统计模型显示为分层的，分段的时间序列事件流图，以及表示当前行为的图 系统。 事件流图可以从一个或多个安全事件流导出。 附加操作可以包括接收关于参考统计模型和当前行为之间的差异的进一步细节的请求。 公开了其他装置，系统和方法。

公开(公告)号：US20110173359A1

公开(公告)日：2011-07-14

申请号：US13037870

申请日：2011-03-01

申请人： Dipto CHAKRAVARTY ,  Usman Choudhary ,  Ofer Zajicek ,  Srinivasa Phanindra Mallapragada ,  John Paul Gassner ,  Frank Anthony Pellegrino ,  John Melvin Antony ,  Tao Yu ,  Michael Howard Cooper ,  William Matthew Weiner ,  Magdalence Ramona Merritt ,  Peng Liu ,  Raghunath Boyalakuntla ,  Srivani Sangita ,  Vasile Adiaconitei ,  Shahid Saied Malik ,  Karthik Ramu ,  Prathap Adusumilli ,  Walter Mathews ,  Adedoyin Akinnurun ,  Brett Hankins

发明人： Dipto CHAKRAVARTY ,  Usman Choudhary ,  Ofer Zajicek ,  Srinivasa Phanindra Mallapragada ,  John Paul Gassner ,  Frank Anthony Pellegrino ,  John Melvin Antony ,  Tao Yu ,  Michael Howard Cooper ,  William Matthew Weiner ,  Magdalence Ramona Merritt ,  Peng Liu ,  Raghunath Boyalakuntla ,  Srivani Sangita ,  Vasile Adiaconitei ,  Shahid Saied Malik ,  Karthik Ramu ,  Prathap Adusumilli ,  Walter Mathews ,  Adedoyin Akinnurun ,  Brett Hankins

IPC分类号： G06F13/14

CPC分类号： G06F9/542 ,  G06F2209/544

摘要： A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.

摘要翻译： 计算机实现的设备向发布者提供安全事件给用户。 提供了一种消息总线，其被配置为包含多个安全事件。 还提供了响应于多个发布者从发布者接收多个安全事件的接收器单元。 还存在响应于接收到安全事件的队列单元来排队消息总线中的多个安全事件。 此外，存在响应于消息总线中的安全事件的传送单元，将消息总线中的多个安全事件传送到多个订户。

公开(公告)号：US08185488B2

公开(公告)日：2012-05-22

申请号：US12081540

申请日：2008-04-17

申请人： Dipto Chakravarty ,  Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Jason Lee Arrington ,  Cheryl Witt

发明人： Dipto Chakravarty ,  Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Jason Lee Arrington ,  Cheryl Witt

IPC分类号： G06F17/00 ,  G06N5/02

CPC分类号： G06N5/022

摘要： A system for pluggable event correlation may include an input manager that receives a plurality of events and converts the events into a format compatible with one or more of a plurality of correlation engines. The correlation engines may then evaluate the converted events using various rules and generate correlated events when the evaluated events trigger at least one of the rules. An action manager may execute remedial actions when the correlation engines generate the correlated events. Moreover, extensibility may be provided by enabling a user to define rules to be triggered when events occur in a predetermined pattern, and actions to be executed when a predetermined rule triggers a correlated event. Further, to plug a new correlation engine into the system, adapters may be deployed to handle input and output, while the user-defined rules may be validating according to semantic requirements of the new correlation engine.

摘要翻译： 用于可插拔事件相关的系统可以包括输入管理器，其接收多个事件并将事件转换成与多个相关引擎中的一个或多个相兼容的格式。 然后，相关引擎可以使用各种规则评估转换的事件，并且当评估的事件触发至少一个规则时产生相关事件。 当相关引擎产生相关事件时，动作管理器可以执行补救动作。 此外，可以通过使用户能够定义当事件以预定模式发生时要触发的规则以及当预定规则触发相关事件时要执行的动作来提供可扩展性。 此外，为了将新的相关引擎插入到系统中，可以部署适配器来处理输入和输出，而用户定义的规则可以根据新的相关引擎的语义要求进行验证。

公开(公告)号：US07926099B1

公开(公告)日：2011-04-12

申请号：US11317231

申请日：2005-12-27

申请人： Dipto Chakravarty ,  Usman Choudhary ,  Ofer Zajicek ,  Srinivasa Phanindra Mallapragada ,  John Paul Gassner ,  Frank Anthony Pellegrino ,  John Melvin Antony ,  Tao Yu ,  Michael Howard Cooper ,  William Matthew Weiner ,  Magdalene Ramona Merritt ,  Peng Liu ,  Raghunath Boyalakuntla ,  Srivani Sangita ,  Vasile Adiaconitei ,  Shahid Saied Malik ,  Karthik Ramu ,  Prathap Adusumilli ,  Walter Mathews ,  Adedoyin Akinnurun ,  Brett Hankins

发明人： Dipto Chakravarty ,  Usman Choudhary ,  Ofer Zajicek ,  Srinivasa Phanindra Mallapragada ,  John Paul Gassner ,  Frank Anthony Pellegrino ,  John Melvin Antony ,  Tao Yu ,  Michael Howard Cooper ,  William Matthew Weiner ,  Magdalene Ramona Merritt ,  Peng Liu ,  Raghunath Boyalakuntla ,  Srivani Sangita ,  Vasile Adiaconitei ,  Shahid Saied Malik ,  Karthik Ramu ,  Prathap Adusumilli ,  Walter Mathews ,  Adedoyin Akinnurun ,  Brett Hankins

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F17/00

CPC分类号： G06F9/542 ,  G06F2209/544

摘要： A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.

摘要翻译： 计算机实现的设备向发布者提供安全事件给用户。 提供了一种消息总线，其被配置为包含多个安全事件。 还提供了响应于多个发布者从发布者接收多个安全事件的接收器单元。 还存在响应于接收到安全事件的队列单元来排队消息总线中的多个安全事件。 此外，存在响应于消息总线中的安全事件的传送单元，将消息总线中的多个安全事件传送到多个订户。

公开(公告)号：US20090265288A1

公开(公告)日：2009-10-22

申请号：US12081540

申请日：2008-04-17

申请人： Dipto Chakravarty ,  Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Jason Lee Arrington ,  Cheryl Witt

发明人： Dipto Chakravarty ,  Usman Choudhary ,  John Melvin Antony ,  Michael Howard Cooper ,  Jason Lee Arrington ,  Cheryl Witt

IPC分类号： G06N5/02 ,  G06F3/048

CPC分类号： G06N5/022

摘要： A system for pluggable event correlation may include an input manager that receives a plurality of events and converts the events into a format compatible with one or more of a plurality of correlation engines. The correlation engines may then evaluate the converted events using various rules and generate correlated events when the evaluated events trigger at least one of the rules. An action manager may execute remedial actions when the correlation engines generate the correlated events. Moreover, extensibility may be provided by enabling a user to define rules to be triggered when events occur in a predetermined pattern, and actions to be executed when a predetermined rule triggers a correlated event. Further, to plug a new correlation engine into the system, adapters may be deployed to handle input and output, while the user-defined rules may be validating according to semantic requirements of the new correlation engine.

摘要翻译： 用于可插拔事件相关的系统可以包括输入管理器，其接收多个事件并将事件转换成与多个相关引擎中的一个或多个相兼容的格式。 然后，相关引擎可以使用各种规则评估转换的事件，并且当评估的事件触发至少一个规则时产生相关事件。 当相关引擎产生相关事件时，动作管理器可以执行补救动作。 此外，可以通过使用户能够定义当事件以预定模式发生时要触发的规则以及当预定规则触发相关事件时要执行的动作来提供可扩展性。 此外，为了将新的相关引擎插入到系统中，可以部署适配器来处理输入和输出，而用户定义的规则可以根据新的相关引擎的语义要求进行验证。

公开(公告)号：US09715675B2

公开(公告)日：2017-07-25

申请号：US11643773

申请日：2006-12-22

申请人： Dipto Chakravarty ,  John Melvin Antony ,  Usman Choudhary ,  David Capuano ,  Srinivasa Phanindra Mallapragada

发明人： Dipto Chakravarty ,  John Melvin Antony ,  Usman Choudhary ,  David Capuano ,  Srinivasa Phanindra Mallapragada

IPC分类号： G06Q10/10 ,  G06Q10/06

CPC分类号： G06Q10/10 ,  G06Q10/06 ,  G06Q10/063114 ,  G06Q10/06316 ,  G06Q10/0633

摘要： The invention relates to a system and method for customizing and storing workflow processes for use in remediation incidents such as security events. One aspect of the invention relates to providing tools to enable creation of customized workflow processes for event driven incident remediation, monitoring and analyzing system activity to identify occurrence of incidents, assigning a workflow process to an incident, applying the assigned workflow process to remediate the incident, and tracking and graphically displaying the status of the workflow process, among other things.

公开(公告)号：US20080040191A1

公开(公告)日：2008-02-14

申请号：US11643773

申请日：2006-12-22

申请人： Dipto Chakravarty ,  John Melvin Antony ,  Usman Choudhary ,  David Capuano ,  Srinivasa Phanindra Mallapragada

发明人： Dipto Chakravarty ,  John Melvin Antony ,  Usman Choudhary ,  David Capuano ,  Srinivasa Phanindra Mallapragada

IPC分类号： G06F9/46

CPC分类号： G06Q10/10 ,  G06Q10/06 ,  G06Q10/063114 ,  G06Q10/06316 ,  G06Q10/0633

摘要： The invention relates to a system and method for customizing and storing workflow processes for use in remediation incidents such as security events. One aspect of the invention relates to providing tools to enable creation of customized workflow processes for event driven incident remediation, monitoring and analyzing system activity to identify occurrence of incidents, assigning a workflow process to an incident, applying the assigned workflow process to remediate the incident, and tracking and graphically displaying the status of the workflow process, among other things.

摘要翻译： 本发明涉及一种用于定制和存储用于诸如安全事件的修复事件中的工作流程的系统和方法。 本发明的一个方面涉及提供工具，以便能够创建用于事件驱动的事件修复，监视和分析系统活动的自定义工作流过程以识别事件的发生，向事件分配工作流程，应用所分配的工作流程以修复事件 ，并跟踪和图形显示工作流过程的状态等等。