Invention Grant
- Patent Title: Intrusion event correlation with network discovery information
- Patent Title (中): 入侵事件与网络发现信息的相关性
-
Application No.: US11272035Application Date: 2005-11-14
-
Publication No.: US08046833B2Publication Date: 2011-10-25
- Inventor: Eric Gustafson , Brian P. Rittermann
- Applicant: Eric Gustafson , Brian P. Rittermann
- Applicant Address: US MD Columbia
- Assignee: Sourcefire, Inc.
- Current Assignee: Sourcefire, Inc.
- Current Assignee Address: US MD Columbia
- Agency: Posz Law Group, PLC
- Main IPC: G06F12/14
- IPC: G06F12/14
Abstract:
A policy component includes policy configuration information. The policy configuration information contains one or more rules. Each rule and group of rules can be associated with a set of response actions. As the nodes on the monitored networks change or intrusive actions are introduced on the networks, network change events or intrusion events are generated. The policy component correlates network change events and/or intrusions events with network map information. The network map contains information on the network topology, services and network devices, amongst other things. When certain criteria is satisfied based on the correlation, a policy violation event may be issued by the system resulting in alerts or remediations.
Public/Granted literature
- US20080244741A1 Intrusion event correlation with network discovery information Public/Granted day:2008-10-02
Information query
