Title of invention: Network zone identification in a network security system
Abstract: Different network segments can have overlapping address spaces. In one embodiment, the present invention includes a distributed agent of a security system receiving a security event from a network device monitored by the agent. In one embodiment, the agent normalizes the security event into an event schema including one or more zone fields. In one embodiment, the agent also determines one or more zones associated with the received security event, the one or more zones each describing a part of a network, and populates the one or more zone fields using the determined one or more zones.
Publication number: US9100422(B1) Publication date: 2015.08.04
Application number: US200410974105 Filing date: 2004.10.27
Applicant: Hewlett-Packard Development Company, L.P. Inventors: Tidwell Kenny; Beedgen Christian
Classification: H04L29/06 Main classification: H04L29/06
Agency: Hewlett-Packard Patent Department Agent: Hewlett-Packard Patent Department
Principal claim: 1. A method performed by a manager of a network security system monitoring a network, the method comprising: receiving a first normalized security event from a first distributed agent of the network security system, the first distributed agent configured to receive security events from a first network device monitoring a first portion of the network and to normalize the security events using a first zone table, the first normalized security event adhering to a universal schema used by the network security system and including a non-globally unique Internet protocol (IP) address and a first identifier of the first portion of the network, wherein the IP address and the first identifier are not identical, and wherein the first zone table associates the IP address with the first identifier; and receiving a second normalized security event from a second distributed agent of the network security system, the second distributed agent configured to receive security events from a second network device monitoring a second portion of the network and to normalize the security events using a second zone table, the second normalized security event adhering to the universal schema used by the network security system and including the same IP address and a second identifier of the second portion of the network, wherein the same IP address and the second identifier are not identical, wherein the second zone table associates the same IP address with the second identifier, and wherein the first identifier is not identical to the second identifier; wherein an address space of the first portion of the network includes the IP address and at least partially overlaps an address space of the second portion of the network.
Address: Houston TN US
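The abstract and claim 1 describe agents that tag each normalized event with a zone identifier so the manager can tell apart hosts that share a non-globally-unique IP address. The sketch below is an added illustration, not code from the patent or from any product: the zone names, schema field names, `Agent` class, `group_by_source` helper and the longest-prefix lookup are all assumptions.

```python
import ipaddress

# Constructed zone tables: each agent maps address ranges in the network
# portion it monitors to a zone identifier. Both portions reuse 10.0.0.0/8.
ZONE_TABLE_A = [("10.0.0.0/8", "zone:site-a-internal"), ("192.168.1.0/24", "zone:site-a-dmz")]
ZONE_TABLE_B = [("10.0.0.0/16", "zone:site-b-internal")]


class Agent:
    def __init__(self, name, zone_table):
        self.name = name
        # Assumption: most specific (longest) prefix wins when ranges nest.
        self.zones = sorted(
            ((ipaddress.ip_network(cidr), zone) for cidr, zone in zone_table),
            key=lambda z: z[0].prefixlen, reverse=True)

    def zone_for(self, addr):
        ip = ipaddress.ip_address(addr)
        for net, zone in self.zones:
            if ip in net:
                return zone
        return None  # address not covered by this agent's zone table

    def normalize(self, raw):
        """Map a device event into the shared schema, populating zone fields."""
        return {
            "agent": self.name,
            "name": raw["msg"],
            "src_addr": raw["src"], "src_zone": self.zone_for(raw["src"]),
            "dst_addr": raw["dst"], "dst_zone": self.zone_for(raw["dst"]),
        }


def group_by_source(events):
    """Manager side: key hosts on (zone, address), not on address alone."""
    hosts = {}
    for ev in events:
        hosts.setdefault((ev["src_zone"], ev["src_addr"]), []).append(ev["name"])
    return hosts


# Constructed sample events from two devices in different network portions.
agent_a = Agent("agent-a", ZONE_TABLE_A)
agent_b = Agent("agent-b", ZONE_TABLE_B)
events = [
    agent_a.normalize({"msg": "port scan", "src": "10.0.0.5", "dst": "192.168.1.10"}),
    agent_b.normalize({"msg": "failed login", "src": "10.0.0.5", "dst": "10.0.3.7"}),
]
hosts = group_by_source(events)
```

Keying on the address alone would merge the two 10.0.0.5 hosts into one record and attribute the port scan and the failed login to the same machine.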