Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2006-04-05
2008-10-14
Luu, Le (Department: 2141)
Data processing: database and file management or data structures
Database design
Data structure types
C707S793000, C709S223000, C709S224000
Reexamination Certificate
active
07437359
ABSTRACT:
A system and method for building merged events from log entries received from multiple devices. Multiple log events generally contribute to a single merged event. In the described embodiment, the mapping module receives log entries associated with specific merged events and maps them to fields in the merged event data structure in accordance with mapping properties. The described embodiments of the invention use regular expressions in the merge properties to describe values that are searched for in the received log entries. A described embodiment of the present invention gives the mapping module access to the event under construction. A new conditional operator, _oneOf, is introduced that selects the first token that is bound to a value out of a list of tokens.
REFERENCES:
patent: 5717919 (1998-02-01), Kodavalla et al.
patent: 6134664 (2000-10-01), Walker
patent: 6192034 (2001-02-01), Hsieh et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6408391 (2002-06-01), Huff et al.
patent: 6408404 (2002-06-01), Ladwig
patent: 6484203 (2002-11-01), Porras et al.
patent: 6694362 (2004-02-01), Secor et al.
patent: 6704874 (2004-03-01), Porras et al.
patent: 6708212 (2004-03-01), Porras et al.
patent: 6711615 (2004-03-01), Porras et al.
patent: 6839850 (2005-01-01), Campbell et al.
patent: 6966015 (2005-11-01), Steinberg et al.
patent: 6988208 (2006-01-01), Hrabik et al.
patent: 7043727 (2006-05-01), Bennett et al.
patent: 7089428 (2006-08-01), Farley et al.
patent: 7171689 (2007-01-01), Beavers
patent: 2002/0019945 (2002-02-01), Houston et al.
patent: 2002/0099958 (2002-07-01), Hrabik et al.
patent: 2002/0104014 (2002-08-01), Zobel et al.
patent: 2002/0147803 (2002-10-01), Dodd et al.
patent: 2002/0184532 (2002-12-01), Hackenberger et al.
patent: 2003/0093514 (2003-05-01), Valdes et al.
patent: 2003/0093692 (2003-05-01), Porras
patent: 2003/0101358 (2003-05-01), Porras et al.
patent: 2003/0188189 (2003-10-01), Desai et al.
patent: 2003/0221123 (2003-11-01), Beavers
patent: 2004/0010718 (2004-01-01), Porras et al.
patent: 2004/0024864 (2004-02-01), Porras et al.
patent: 2004/0044912 (2004-03-01), Connary et al.
patent: 2004/0221191 (2004-11-01), Porras et al.
patent: 2005/0027845 (2005-02-01), Secor et al.
patent: 2005/0204404 (2005-09-01), Hrabik et al.
patent: 2005/0228763 (2005-10-01), Lewis et al.
patent: 2005/0235318 (2005-10-01), Grauch et al.
patent: 2005/0243366 (2005-11-01), Fukuda
patent: 2006/0031719 (2006-02-01), Bower et al.
patent: 2006/0069956 (2006-03-01), Steinberg et al.
patent: 2007/0043703 (2007-02-01), Bhattacharya et al.
patent: WO 02/45315 (2002-06-01), None
patent: WO 02/060117 (2002-08-01), None
patent: WO 02/078262 (2002-10-01), None
patent: WO 02/101988 (2002-12-01), None
patent: WO 03/009531 (2003-01-01), None
patent: WO 2004/019186 (2004-03-01), None
U.S. Appl. No. 60/405,921, filed Aug. 26, 2002, Gisby et al.
Arcsight, “About ArcSight Team,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/about—team.htm>.
Arcsight, “About Overview,” Oct. 14, 2002, [online] [Retrieved on Apr. 21, 2006] Retrieved from the Internet <URL: http://web.archive.org/web/20021014041614/http://www.arcsight.com/about.htm>.
Arcsight, “Contact Info,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/contact.htm>.
Arcsight, “Enterprise Coverage: Technology Architecture,” date unknown, [online] Retrieved from the Internet <URL: http://www.snaiso.com/Documentation/Arcsight/arcsight—archdta.pdf>.
Arcsight, “Managed Process: ArcSight Reporting System,” date unknown, [online] Retrieved from the Internet <URL:http://www.snaiso.com/Documentation/Arcsight/arcsight—reportsys.pdf>.
Arcsight, “Managed Process: Console-Based Management,” date unknown, [online] Retrieved from the Internet <URL: http://www.snaiso.com/Documentation/Arcsight/arcsight—console.pdf>.
Arcsight, “Precision Intelligence: SmartRules™ and Cross-Correlation,” date unknown, [online] Retrieved from the Internet <URL: http://www.snaiso.com/Documentation/Arcsight/arcsight—correlation.pdf>.
Arcsight, “Precision Intelligence: SmartAgent™,” date unknown, [online] Retrieved from the Internet <URL: http://www.ossmanagement.com/SmartAgent.pdf>.
Arcsight, “Product Info: Product Overview and Architecture,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product.htm>.
Arcsight, “Product Info: 360° Intelligence Yields Precision Risk Management,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info01.htm>.
Arcsight, “Product Info: ArcSight SmartAgents,” Oct. 10, 2002, [online] [Retrieved on Apr. 21, 2006] Retrieved from the Internet <URL:http://web.archive.org/web/20021010135236/http://www.arcsight.com/product—info02.htm>.
Arcsight, “Product Info: ArcSight Cross-Device Correlation,” date unknown, [online] [Retrieved on Oct. 25, 2005] Retrieved from the Internet <URL: http://www.arcsight.com/product—info03.htm>.
Arcsight, “Product Info: ArcSight Manager,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info 04.htm>.
Arcsight, “Product Info: ArcSight Console,” date unknown, [online] [Retrieved on Nov. 15, 2002] Retrieved from the Internet <URL: http:www.arcsight.com/product—info05.htm>.
Arcsight, “Product Info: ArcSight Reporting System,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http:www.arcsight.com/product—info06.htm>.
Arcsight, “Product Info: Enterprise Scaling,” date unknown, [online] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http://www.arcsight.com/product—info07.htm>.
Arcsight, “Security Management for the Enterprise,” 2002, [online ] [Retrieved on Oct. 25, 2002] Retrieved from the Internet <URL: http:www.arcsight.com/>.
Arcsight, “Technical Brief: How Correlation Eliminates False Positives,” date unknown, source unknown.
Burleson, D., “Taking Advantage of Object Partitioning in Oracle8i,” Nov. 8, 2000, [online] [Retrieved on Apr. 20, 2004] Retrieved from the Internet <URL: http://www.dba-oracle.com/art—partit.htm>.
Derodeff, C. “Got Correlation? Not Without Normalization,” 2002, [online] Retrieved from the Internet<URL http://www.svic.com/papers/pdf/Got-Correlation—rmalization.pdf>.
Cheung, S. et al., “Emerald Intrusion Incident Report: 601 Message Specification,” Aug. 10, 2000, System Design Laboratory, SRI International.
National Institute of Standards and Technology (NIST), “Federal Information Processing Standards Publication (FIPS PUB) 199: Standards for Security Categorization of Federal Information and Information Systems”, Feb. 2004.
Haley Enterprise, “Production Systems,” 2002, [online] [Retrieved on Oct. 29, 2002] Retrieved from the Internet <URL: http://www.haley.com/0072567836705810/ProductionSystems.html>.
Haley Enterprise, “The Rete Algorithm,” 2002, [online] [Retrieved on Oct. 29, 2002] Retrieved from the Internet <URL: http://www.haley.com/0072567836705810/ReteAlgorithm.html>.
Haley Enterprise, “A Rules Engine for Java Based on the Rete Algorithm,” 2002, [online] [Retrieved on Oct. 29, 2002] Retrieved from the Internet <URL: http://www.haley.com/0072567836705810/ReteAlgorithmForRules.html>.
Halme, L.R. et al., “Aint Misbehaving: A Taxonomy of Anti-Intrus
Aguilar-Macias Hector
Mantry Girish
ArcSight, Inc.
Fenwick & West LLP
Luu Le
LandOfFree
Merging multiple log entries in accordance with merge... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Merging multiple log entries in accordance with merge..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Merging multiple log entries in accordance with merge... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4004325