System and method for correlating log data to discover network vulnerabilities and assets

Authors: Marcus Ranum, Renaud Deraison, Ron Gula

DOI:

Keywords:

Abstract: The system and method described herein relates to a log correlation engine that may cross-reference or otherwise leverage existing vulnerability data in an extensible manner to support network asset discovery. In particular, the receive various logs contain events describing observed activity discover response containing at least one event matches regular expression rule associated with indicates vulnerability. then obtain information about indicated from source cross-referenced generate report was discovered network, wherein include obtained rule.
