US 12,328,298 B2
Filtering data logs from disparate data sources
Daniel James Smith, Ottawa (CA)
Assigned to Cysiv, Inc., Dallas, TX (US)
Filed by Cysiv, Inc., Dallas, TX (US)
Filed on Dec. 27, 2023, as Appl. No. 18/397,161.
Application 18/397,161 is a continuation of application No. 17/089,514, filed on Nov. 4, 2020, granted, now 11,888,817.
Prior Publication US 2024/0154939 A1, May 9, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0263 (2013.01) [H04L 63/14 (2013.01); H04L 63/20 (2013.01)]
19 Claims
 
1. A method of generating alerts, comprising:
obtaining an input message stream from a set of data sources, wherein the input message stream comprises a sequence of input data entries in different respective native formats that varies between different data sources of the set of data sources;
identifying a data format of a current input message of the input message stream using a set of detection rules, the current input message received from a current data source;
parsing the current input message, based on the identified data format of the current input message, to generate parsed message content, wherein the parsing comprises separating the current input message into a data structure;
applying a set of filter selection rules to the parsed message content to identify a filter from the set of filters for use with messages received from the current data source, wherein the filter selection rules identify a pattern associated with the current data source to identify the filter from the set of filters;
applying, by a processor, the identified filter to the parsed message content to transform the parsed message content to a current output message of an output message stream, wherein each output message of the output message stream comprises output data entries in a standardized format independent of the data source;
applying a set of rules to the output message stream to detect a data pattern indicative of malicious activity; and
generating an alert to an administrative interface indicative of the detected data pattern.
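
The steps of claim 1, sketched as an added example that is not taken from the patent or from any Cysiv product: three constructed sources in different native formats are detected, parsed, normalized by a per-source filter, and checked by one detection rule. The vendor names, field names, standardized schema and failure threshold are all assumptions made for illustration.

```python
import json, re
from collections import Counter

# Constructed sample input: three hypothetical sources, three native formats.
SAMPLE_STREAM = [
    '{"vendor": "acme-fw", "src": "203.0.113.7", "action": "deny", "user": "root"}',
    'vendor=edge-vpn ip=203.0.113.7 result=fail account=root',
    'Nov  4 10:00:01 host1 sshd[411]: Failed password for root from 203.0.113.7',
    'Nov  4 10:00:09 host1 sshd[411]: Accepted password for alice from 198.51.100.4',
]
# Detection rules: (format name, test on the raw message), first match wins.
DETECTION_RULES = [
    ("json", lambda m: m.lstrip().startswith("{")),
    ("kv", lambda m: "=" in m and all("=" in p for p in m.split())),
    ("syslog", lambda m: re.match(r"[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d ", m) is not None),
]
SYSLOG = re.compile(r"\S+\s+\d+ \S+ (?P<host>\S+) (?P<prog>\w+)\[\d+\]: "
                    r"(?P<verb>\w+) password for (?P<user>\S+) from (?P<ip>\S+)")
# Parsers separate a raw message into a data structure (a dict here).
PARSERS = {
    "json": json.loads,
    "kv": lambda m: dict(p.split("=", 1) for p in m.split()),
    "syslog": lambda m: SYSLOG.match(m).groupdict(),
}

def _std(ip, user, failed):
    """Standardized, source-independent output entry (assumed schema)."""
    return {"src_ip": ip, "user": user, "outcome": "failure" if failed else "success"}

# Filter selection rules: (pattern identifying the source, filter to apply).
SELECTION_RULES = [
    (lambda p: p.get("vendor") == "acme-fw", lambda p: _std(p["src"], p["user"], p["action"] == "deny")),
    (lambda p: p.get("vendor") == "edge-vpn", lambda p: _std(p["ip"], p["account"], p["result"] == "fail")),
    (lambda p: p.get("prog") == "sshd", lambda p: _std(p["ip"], p["user"], p["verb"] == "Failed")),
]

def normalize(raw):
    """Detect format, parse, select a filter, transform; None if unrecognized."""
    fmt = next((name for name, test in DETECTION_RULES if test(raw)), None)
    try:
        parsed = PARSERS[fmt](raw)
        to_std = next(f for match, f in SELECTION_RULES if match(parsed))
        return to_std(parsed)
    except (ValueError, KeyError, AttributeError, StopIteration):
        return None  # unknown format, malformed message, or unknown source

def detect(events, threshold=3):
    """Rule over the normalized stream: repeated login failures from one address."""
    fails = Counter(e["src_ip"] for e in events if e["outcome"] == "failure")
    return [f"ALERT: {n} failed logins from {ip} across sources" for ip, n in fails.items() if n >= threshold]

def run(stream):
    events = [e for e in map(normalize, stream) if e is not None]
    return events, detect(events)
```

Because the rule runs on the standardized entries, the three failures are correlated even though each came from a different source in a different format.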