Plug-in integration engine for SIEM platform
Disclosure Number: IPCOM000250463D
Publication Date: 2017-Jul-20
Document File: 3 page(s) / 37K

Publishing Venue

The Prior Art Database

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 58% of the total text.

Plug-In Integration Engine for SIEM Platform

Current security information and event management (SIEM) platforms lack the ability to integrate, efficiently manage, and operate third-party software components without re-installing or patching the product.

The novel solution is to add a plugin integration engine to the SIEM platform so that users can add, enable, and disable third-party software components without re-installing or patching the SIEM product. The engine also provides the ability to configure, schedule, and run a plugin component within an engine-managed processing queue, ensuring efficient resource management.

The Plugin Integration Engine consists of:

· Component Model API
· Plugin Configuration Manager
· Plugin Deployment Manager
· Profile Manager
· Task Scheduler
· Processing Manager

Component Model API

To create the plugin, third-party developers complete the following steps:

1. Implement a defined Component Interface, which must have a defined:

   A. Get input method
   B. Set output method
   C. Execute method
   D. Get targets method

   Each plugin may have any number of components, all following the same structure and annotation rules.

2. Create a plugin configuration file following a defined schema. The configuration file must contain information for each component, such as component name, input name, output name, and list of target names.

3. Add all component implementations and the configuration file to a compressed plugin bundle.
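
The sketch below is an added example, not code from the disclosure: it renders the four-method Component Interface as a Python abstract class and checks a plugin configuration against the classes shipped in the bundle, the kind of consistency check that can run before anything is compiled or deployed. The method names, the configuration keys (`components`, `name`, `input`, `output`, `targets`), and the sample components are assumptions made for illustration.

```python
from abc import ABC, abstractmethod

class Component(ABC):
    """Assumed rendering of the Component Interface: the four methods of step 1."""
    @abstractmethod
    def get_input(self): ...
    @abstractmethod
    def set_output(self, value): ...
    @abstractmethod
    def execute(self): ...
    @abstractmethod
    def get_targets(self): ...

class IpExtractor(Component):  # constructed sample: implements all four methods
    def __init__(self, events):
        self.events, self.output = events, None
    def get_input(self): return self.events
    def set_output(self, value): self.output = value
    def execute(self): self.set_output([e["src"] for e in self.get_input()])
    def get_targets(self): return []

class Half(Component):  # constructed sample: only execute is implemented
    def execute(self): pass

REQUIRED = ("name", "input", "output", "targets")  # assumed schema keys (step 2)

def validate_plugin(config, classes):
    """Check config entries against bundled classes; return a list of problems."""
    errors, entries = [], config.get("components", [])
    names = [e.get("name") for e in entries]
    if len(set(names)) != len(names):
        errors.append("duplicate component names")
    for e in entries:
        name = e.get("name", "<unnamed>")
        missing = [k for k in REQUIRED if k not in e]
        if missing:
            errors.append(f"{name}: missing keys {missing}")
        cls = classes.get(name)
        if not (isinstance(cls, type) and issubclass(cls, Component)):
            errors.append(f"{name}: no Component implementation in bundle")
        elif cls.__abstractmethods__:  # interface methods left unimplemented
            errors.append(f"{name}: unimplemented {sorted(cls.__abstractmethods__)}")
        for target in e.get("targets", []):
            if target not in names:  # targets must name components in this config
                errors.append(f"{name}: unknown target {target!r}")
    return errors

GOOD = {"components": [{"name": "IpExtractor", "input": "raw_events",  # constructed
                        "output": "source_ips", "targets": []}]}
BAD = {"components": [{"name": "Half", "input": "raw_events", "targets": ["Enricher"]}]}
```

An empty list from `validate_plugin` means every configured component has a complete implementation and every target resolves; any other result is a reason to keep the bundle in staging.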

Plugin Configuration Manager

Third-party developers should be able to edit the configuration file using a command-line tool or a GUI.

Plugin Deployment Manager

The plugin bundle is:

1. Uploaded to a defined staging directory
2. Validated
3. Pre-compiled
4. Confirmed for plugin integrity and security
5. Deployed to production

The Deployment Manager:

1. Adds the plugin configuration to the Plugin Integration Engine configuration file

2.    Compile each compo...