Reexamination Certificate
2007-05-15
Moise, Emmanuel L. (Department: 2137)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C726S021000, C726S022000, C726S023000, C726S025000
Reexamination Certificate
active
10308585
ABSTRACT:
In one embodiment, the present invention provides for receiving security events from a network device by a distributed software agent of a network security system, determining a priority of each received security event, and storing the security events in a plurality of prioritized event buffers based on the determined priorities for a period of time determined by a timer. Upon expiration of the timer, a batch of security events for transport to a security event manager of the network security system can be created by including security events in the batch in order of priority until the batch is full.
Aguilar-Macias Hector
Beedgen Christian Friedrich
Njemanze Hugh S.
ArcSight, Inc.
Fenwick & West LLP
Loving Jaric
Moise Emmanuel L.
Method for batching events for transmission by software agent
Profile ID: LFUS-PAI-O-3739336