公开(公告)号：WO2008052133A2

公开(公告)日：2008-05-02

申请号：PCT/US2007/082560

申请日：2007-10-25

Applicant: ARCSIGHT, INC. ,  SINGLA, Anurag ,  SAURABH, Kumar ,  TIDWELL, Kenny, C.

Inventor： SINGLA, Anurag ,  SAURABH, Kumar ,  TIDWELL, Kenny, C.

IPC: G06F17/30

CPC classification number: G06F17/30333 ,  G06F17/30492 ,  G06F17/30551 ,  H04L29/12783 ,  H04L61/35 ,  H04L63/1408 ,  H04L63/20 ,  H04L67/142

Abstract: A session table includes one or more records, where each record represents a session. Session record information is stored in various fields, such as key fields, value fields, and timestamp fields. Session information is described as keys and values in order to support query/lookup operations. A session table is associated with a filter, which describes a set of keys that can be used for records in that table. A session table is populated using data contained in security information/events. Rules are created to identify events related to session information, extract the session information, and use the session information to modify a session table. A session table is partitioned so that the number of records in each session table partition is decreased. A session table is processed periodically so that active sessions are moved to the current partition.

Abstract translation: 会话表包括一个或多个记录，其中每个记录表示会话。 会话记录信息存储在各种字段中，例如键字段，值字段和时间戳字段。 会话信息被描述为键和值以支持查询/查找操作。 会话表与过滤器相关联，过滤器描述了可用于该表中的记录的一组密钥。 使用安全信息/事件中包含的数据填充会话表。 创建规则以识别与会话信息相关的事件，提取会话信息，并使用会话信息来修改会话表。 会话表被分区，使得每个会话表分区中的记录数量减少。 周期性地处理会话表，以便将活动会话移动到当前分区。

公开(公告)号：WO2008052133A3

公开(公告)日：2008-09-04

申请号：PCT/US2007082560

申请日：2007-10-25

Applicant: ARCSIGHT INC ,  SINGLA ANURAG ,  SAURABH KUMAR ,  TIDWELL KENNY C

Inventor： SINGLA ANURAG ,  SAURABH KUMAR ,  TIDWELL KENNY C

IPC: H04L9/00

CPC classification number: G06F17/30333 ,  G06F17/30492 ,  G06F17/30551 ,  H04L29/12783 ,  H04L61/35 ,  H04L63/1408 ,  H04L63/20 ,  H04L67/142

Abstract: A session table includes one or more records, where each record represents a session. Session record information is stored in various fields, such as key fields, value fields, and timestamp fields. Session information is described as keys and values in order to support query/lookup operations. A session table is associated with a filter, which describes a set of keys that can be used for records in that table. A session table is populated using data contained in security information/events. Rules are created to identify events related to session information, extract the session information, and use the session information to modify a session table. A session table is partitioned so that the number of records in each session table partition is decreased. A session table is processed periodically so that active sessions are moved to the current partition.

Abstract translation: 会话表包含一个或多个记录，其中每个记录代表一个会话。 会话记录信息存储在各个字段中，如关键字段，值字段和时间戳字段。 会话信息被描述为键和值以支持查询/查找操作。 会话表与过滤器相关联，该过滤器描述可用于该表中的记录的一组密钥。 会话表使用安全信息/事件中包含的数据填充。 创建规则以识别与会话信息相关的事件，提取会话信息并使用会话信息修改会话表。 会话表被分区，以便减少每个会话表分区中的记录数。 会话表会定期处理，以便将活动会话移动到当前分区。