Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2008-05-20
Revak, Christopher (Department: 2131)
C709S224000
active
10308415
ABSTRACT:
Security events generated by a number of network devices are gathered and normalized to produce normalized security events in a common schema. The normalized security events are cross-correlated according to rules to generate meta-events. The security events may be gathered remotely from a system at which the cross-correlating is performed. Any meta-events that are generated may be reported by generating alerts for display at one or more computer consoles, or by sending an e-mail message, a pager message, a telephone message, and/or a facsimile message to an operator or other individual. In addition to reporting the meta-events, the present system allows for taking other actions specified by the rules, for example executing scripts or other programs to reconfigure one or more of the network devices, and/or to modify or update access lists, etc.
Kothari Pravin S.
Njemanze Hugh S.
ArcSight, Inc.
Fenwick & West LLP