Invention Grant
- Patent Title: Correlation engine with support for time-based rules
- Patent Title (中): 相关引擎,支持基于时间的规则
-
Application No.: US10308767Application Date: 2002-12-02
-
Publication No.: US08176527B1Publication Date: 2012-05-08
- Inventor: Hugh S. Njemanze , Pravin S. Kothari , Debabrata Dash , Shijie Wang
- Applicant: Hugh S. Njemanze , Pravin S. Kothari , Debabrata Dash , Shijie Wang
- Applicant Address: US TX Houston
- Assignee: Hewlett-Packard Development Company, L. P.
- Current Assignee: Hewlett-Packard Development Company, L. P.
- Current Assignee Address: US TX Houston
- Main IPC: G06F7/04
- IPC: G06F7/04
Abstract:
A rules engine with support for time-based rules is disclosed. A method performed by the rules engine, comprises receiving security events generated by a number of network devices. The security events are aggregated. One or more time-based rules are provided to a RETE engine. The aggregated security events are provided to the RETE engine at specific times associated with the time-based rules. The security events are cross-correlated with the one or more time-based rules; and one or more first stage meta-events are reported.
Information query
