Claims
- 1. A computerized method for dynamically refining a security policy rule set, the method comprising:
aggregating a plurality of log entries from one or more log files to create a single set of log entries; grouping the log entries in the single set according to common characteristics; and analyzing the groups of log entries to amend the security policy rule set.
- 2. The method of claim 1, wherein aggregating a plurality of log entries comprises aggregating one or more error log entries.
- 3. The method of claim 1, wherein aggregating a plurality of log entries comprises aggregating one or more illegal requests as defined by the security policy rule set.
- 4. The method of claim 1, wherein aggregating a plurality of log entries comprises aggregating one or more legal requests as defined by the security policy rule set.
- 5. The method of claim 1, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more error log files.
- 6. The method of claim 1, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more log files generated by an application server.
- 7. The method of claim 1, wherein grouping the log entries comprises grouping the log entries according to one or more of the characteristics of the group consisting of: a mutation, a base, and a field.
- 8. The method of claim 1, wherein amending the security policy rule set comprises creating a new rule in the security policy rule set.
- 9. The method of claim 1, wherein amending the security policy rule set comprises amending an existing rule in the security policy rule set.
- 10. The method of claim 9, wherein amending an existing rule comprises expanding a range of field properties associated with the existing rule.
- 11. The method of claim 10, wherein expanding the range of field properties comprises expanding the range of one or more field properties from the group comprising: a default field length, a default field value, a field value generalization to alphanumeric, a field value generalization to integer, a field value generalization to letter, a field value generalization to integer range, and a field value generalization to specific values.
- 12. An article of manufacture comprising a computer readable medium containing a program which when executed on a computer causes the computer to perform a method for dynamically refining a security policy rule set, the method comprising:
aggregating a plurality of log entries from one or more log files to create a single set of log entries; grouping the log entries in the single set according to common characteristics; and analyzing the groups of log entries to amend the security policy rule set.
- 13. The article of manufacture of claim 12, wherein aggregating a plurality of log entries comprises aggregating one or more error log entries.
- 14. The article of manufacture of claim 12, wherein aggregating a plurality of log entries comprises aggregating one or more illegal requests as defined by the security policy rule set.
- 15. The article of manufacture of claim 12, wherein aggregating a plurality of log entries comprises aggregating one or more legal requests as defined by the security policy rule set.
- 16. The article of manufacture of claim 12, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more error log files.
- 17. The article of manufacture of claim 12, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more log files generated by an application server.
- 18. The article of manufacture of claim 12, wherein grouping the log entries comprises grouping the log entries according to one or more of the characteristics of the group consisting of: a mutation, a base, and a field.
- 19. The article of manufacture of claim 12, wherein amending the security policy rule set comprises creating a new rule in the security policy rule set.
- 20. The article of manufacture of claim 12, wherein amending the security policy rule set comprises amending an existing rule in the security policy rule set.
- 21. The article of manufacture of claim 20, wherein amending an existing rule comprises expanding a range of field properties associated with the existing rule.
- 22. The article of manufacture of claim 21, wherein expanding the range of field properties comprises expanding the range of one or more field properties from the group comprising: a default field length, a default field value, a field value generalization to alphanumeric, a field value generalization to integer, a field value generalization to letter, a field value generalization to integer range, and a field value generalization to specific values.
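The aggregate, group, and amend steps of claims 1 and 8 to 11 can be sketched as follows. This is an added example, not code from the patent or its applicant. The log tuple format, the policy dictionary layout, the `(path, field)` grouping key, and the `min_hits` threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample entries from two hypothetical error logs: (path, field, rejected value).
LOG_A = [("/order", "qty", "120"), ("/order", "qty", "250"), ("/order", "note", "gift")]
LOG_B = [("/order", "qty", "1000"), ("/search", "q", "red shoes"),
         ("/order", "note", "<script>"), ("/order", "note", "urgent")]
POLICY = {("/order", "qty"): {"type": "integer", "max_len": 2}}  # assumed rule layout

# Narrowest-first generalizations, named after field properties listed in claim 11.
GENERALIZATIONS = [("integer", re.compile(r"\d+")),
                   ("letter", re.compile(r"[A-Za-z]+")),
                   ("alphanumeric", re.compile(r"[A-Za-z0-9]+"))]

def generalize(values):
    """Return the narrowest type that matches every value, or None."""
    for name, pattern in GENERALIZATIONS:
        if all(pattern.fullmatch(v) for v in values):
            return name
    return None

def refine(policy, *logs, min_hits=3):
    """Aggregate logs, group by (path, field), return (amended policy, skipped groups)."""
    groups = defaultdict(list)
    for path, field, value in (e for log in logs for e in log):  # single aggregated set
        groups[(path, field)].append(value)                      # group by characteristics
    amended, skipped = dict(policy), {}
    for key, values in groups.items():
        kind = generalize(values)
        if len(values) < min_hits:
            skipped[key] = "too few entries"          # one stray request never widens a rule
        elif kind is None:
            skipped[key] = "no safe generalization"   # e.g. markup in a value: leave blocked
        else:
            old = policy.get(key)                     # None means a new rule is created
            if old and old["type"] != kind:
                kind = "alphanumeric"                 # union of two differing types
            base_len = old["max_len"] if old else 0
            amended[key] = {"type": kind, "max_len": max(base_len, *map(len, values))}
    return amended, skipped
```

Groups that land in `skipped` are left for manual review rather than being allowed automatically, so hostile input cannot loosen the policy by itself.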
PRIORITY CLAIM
[0001] This application claims priority from U.S. Provisional Patent Application No. 60/344,646, titled METHOD AND SYSTEM FOR DYNAMIC SECURITY POLICY CREATION AND REFINEMENT FOR APPLICATION USAGE, filed Dec. 31, 2001, Attorney Docket No. 3269/10P, which is hereby incorporated herein by reference in its entirety.
[0002] This application is related to U.S. Pat. No. 6,311,278, titled METHOD AND SYSTEM FOR EXTRACTING APPLICATION PROTOCOL CHARACTERISTICS, filed Jul. 1, 1999, issued Oct. 30, 2001, which is hereby incorporated herein by reference in its entirety.
[0003] This application is also related to the following pending patent applications:
[0004] U.S. patent application Ser. No. 09/696,736, titled METHOD AND SYSTEM FOR VERIFYING A CLIENT REQUEST, filed Oct. 25, 2000, Attorney Docket Number 3269/8; and
[0005] U.S. patent application Ser. No. 09/800,090, titled SYSTEM FOR DETERMINING WEB APPLICATION VULNERABILITIES, filed Mar. 5, 2001, Attorney Docket Number 3269/9;
[0006] each of which application is hereby incorporated herein by reference in its entirety.
Provisional Applications (1)

| Number | Date | Country |
|---|---|---|
| 60344646 | Dec 2001 | US |