Title of invention: Security event data normalization
Abstract: Normalizing security event data from multiple different network agents. The data from the multiple different agents is categorized and tagged with a descriptor that includes information about the nature of the event. Multiple different events from multiple different devices can therefore be evaluated using a common format which is common for the multiple different devices from different vendors.
Application publication number: US9060024(B2) Application publication date: 2015.06.16
Application number: US200912418815 Application date: 2009.04.06
Applicant: Log Storm Security, Inc. Inventor: Patel Rajesh
Classification number: H04L29/06;H04L12/26;H04L12/24;H04L29/08 Main classification number: H04L29/06
Agency: DLA Piper LLP (US) Agent: DLA Piper LLP (US)
Main claim: 1. A method, comprising: registering, with at least one processor, a network security agent, the registering comprising determining a functional category of the network security agent, the functional category being associated with a numerical identifier; receiving, with the at least one processor, a packet from the network security agent indicating a network event; converting, with the at least one processor, the packet to a security event tag that numerically represents a broad classification of the event, the numerical identifier associated with the functional category of the network security agent that detected the event, and a category of the event; and using the security event tag to represent the event in place of the packet.
Address: Piscataway NJ US