| US 7,483,972 B2 | ||
| Network security monitoring system | ||
| Partha Bhattacharya, Cupertino, Calif. (US); and Jan Christian Lawrence, Groton, Conn. (US) | ||
| Assigned to Cisco Technology, Inc., San Jose, Calif. (US) | ||
| Filed on May 21, 2003, as Appl. No. 10/443,946. | ||
| Claims priority of provisional application 60/439056, filed on Jan. 08, 2003. | ||
| Prior Publication US 2004/0133672 A1, Jul. 08, 2004 | ||
| Int. Cl. G06F 15/177 (2006.01); G06F 11/00 (2006.01) | ||
| U.S. Cl. 709—224 [726/22; 726/23] | 57 Claims |

| 1. A method of processing event messages, comprising:
defining a graph of nodes, including a plurality of leaf nodes, a plurality of non-leaf nodes;
receiving a stream of event messages, each event message characterized by a plurality of event parameters;
for each event message, identifying leaf nodes, if any, that correspond to the event message, and for each identified leaf
node, storing in association with the identified leaf node a partial solution identifying the event message; and
at predefined times, invoking each of a plurality of non-leaf nodes, wherein invoking a non-leaf node comprises evaluating
an inter-event constraint associated with the non-leaf node utilizing the partial solutions stored for one or more nodes lower
in the graph, and storing in association with the non-leaf node partial solutions representing sets of event messages meeting
the evaluated constraint of the non-leaf node.
|
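An illustrative sketch of the two-phase evaluation that claim 1 describes, added here and not taken from the patent or from any Cisco product: leaf nodes store one-event partial solutions as messages arrive, and non-leaf nodes are then invoked bottom-up to join their children's partial solutions under an inter-event constraint. The event fields, the scan / failed-login / successful-login rule, the 120-second window and all names in the code are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from itertools import product

# Constructed sample stream: (id, time in seconds, event type, source address).
EVENTS = [dict(id=i, t=t, type=ty, src=s) for i, t, ty, s in [
    (1, 0, "scan", "10.0.0.5"), (2, 20, "login_fail", "10.0.0.5"),
    (3, 25, "login_fail", "10.0.0.7"), (4, 40, "login_ok", "10.0.0.5"),
    (5, 500, "login_ok", "10.0.0.5")]]

@dataclass
class Leaf:
    accepts: callable                               # predicate on one event's parameters
    partials: list = field(default_factory=list)    # partial solution = tuple of event ids

    def offer(self, event):
        if self.accepts(event):
            self.partials.append((event["id"],))

@dataclass
class NonLeaf:
    children: list                                  # nodes lower in the graph
    constraint: callable                            # inter-event constraint
    partials: list = field(default_factory=list)

    def invoke(self, by_id):
        # Join one partial solution per child; keep the sets that meet the constraint.
        self.partials = []
        for combo in product(*(c.partials for c in self.children)):
            ids = tuple(i for part in combo for i in part)
            if self.constraint([by_id[i] for i in ids]):
                self.partials.append(ids)

def same_src_ordered(window):
    """Constraint: one source, non-decreasing times, whole set within `window` seconds."""
    def check(evs):
        times = [e["t"] for e in evs]
        return (len({e["src"] for e in evs}) == 1 and times == sorted(times)
                and times[-1] - times[0] <= window)
    return check

def correlate(events):
    scan, fail, ok = (Leaf(lambda e, ty=ty: e["type"] == ty)
                      for ty in ("scan", "login_fail", "login_ok"))
    n1 = NonLeaf([scan, fail], same_src_ordered(120))     # scan, then failed login
    root = NonLeaf([n1, ok], same_src_ordered(120))       # ...then a successful login
    by_id = {e["id"]: e for e in events}
    for e in events:                                      # streaming phase: leaves only
        for leaf in (scan, fail, ok):
            leaf.offer(e)
    for node in (n1, root):                               # the "predefined time": bottom-up
        node.invoke(by_id)
    return n1.partials, root.partials
```

Deferring the joins to the invocation step keeps per-message work to a leaf lookup; the cost of combining events is paid only when the non-leaf nodes run.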