Title of invention: Mitigating threats in a network
Abstract: Mitigating threats in a network includes receiving a message at a network device. The message includes device-independent parameters generated in response to a threat. The network device converts the parameters into one or more device-specific operations and then performs the operations to mitigate the threat.
Publication number: US9083737(B2) Publication date: 2015.07.14
Application number: US201313938917 Filing date: 2013.07.10
Applicant: Cisco Technology, Inc. Inventors: Hermanns Klaus;Fenton James L.;Yartagadda Venkateswara Rao;Buduguru Chandra S.;Pullagura Chandrahasa C.;Raghunarayan Rajiv;Greene Barry L.;Dobbins Ellis R.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Baker Botts L.L.P. Agent: Baker Botts L.L.P.
Main claim: 1. A method for mitigating threats in a network, comprising:
receiving a message at a network device coupled to a network comprising a plurality of different types of network devices, the message generated in response to a threat and broadcasted over the network to the network device and the plurality of different types of network devices, the message comprising a plurality of device-independent parameters capable of being processed by the network device and the plurality of different types of network devices, the plurality of device-independent parameters comprising a severity parameter and an action parameter, the severity parameter indicating a severity level for the message, the action parameter indicating a device-independent operation to be performed by the network device, the network device and the plurality of different types of network devices each having one or more mapping rules that map the device-independent operation to one or more device-specific operations operable to mitigate the threat;
establishing the device-independent operation from the message;
identifying the one or more mapping rules that correspond to the established device-independent operation;
determining the one or more device-specific operations in accordance with the one or more identified mapping rules;
converting the plurality of device-independent parameters into the one or more device-specific operations operable to mitigate the threat;
performing the one or more device-specific operations to mitigate the threat;
sending, to the entity from which the message was received, a response to the message based on the performance of the one or more device-specific operations;
and further comprising sending state information for the network device to the entity from which the message was received and receiving an update to the message from the entity based on the state information.
Address: San Jose CA US