Invention Grant
US09385993B1 Media for detecting common suspicious activity occurring on a computer network using firewall data and reports from a network filter device
In force
- Patent Title: Media for detecting common suspicious activity occurring on a computer network using firewall data and reports from a network filter device
- Application No.: US14820257
- Application Date: 2015-08-06
- Publication No.: US09385993B1
- Publication Date: 2016-07-05
- Inventor: Philip Kulp
- Applicant: XL Associates, Inc.
- Applicant Address: US VA Vienna
- Assignee: XL Associates, Inc.
- Current Assignee: XL Associates, Inc.
- Current Assignee Address: US VA Vienna
- Agency: Cooley LLP
- Main IPC: G06F12/16
- IPC: G06F12/16 ; H04L29/06

Abstract:
Some embodiments described herein relate to a method including receiving a report of a first suspicious activity from a network filter device. The report of the first suspicious activity can include an indication of a time associated with the first suspicious activity and can be devoid of an address uniquely associated with the first suspicious activity. An indication of a user device associated with the first suspicious activity can be identified based on user activity data received from a firewall log. A second suspicious activity can also be identified from the user activity data without receiving a report of the second suspicious activity from the network filter device. A common suspicious activity including the first suspicious activity and the second suspicious activity can be defined, and a report indicating the common suspicious activity can be sent to an administrator device.