The present invention is generally directed to storing network security information. More specifically, the present invention is directed to a system and method for storing different types of security information in an automated centralized security information repository.
When a network security issue arises, such as abnormal traffic in a data network, a network analyst is responsible for determining the cause of the security issue. Abnormal traffic is traffic that is not normally observed, such as sudden volume changes or unusual tcp/ip indicators. For example, abnormal traffic in a data network can be caused by viruses, worms, denial of service attacks, hackers probing a system, attempted break-ins, games, etc. In order to determine the cause of a security issue, an analyst must manually search security information sources, such as IANA port listings, IANA protocol listings, virus information listings, Trojan horse information listings, network game developers' game information, hacker web sites, search engines, newsgroups, etc. Furthermore, in order to obtain different types of security information (e.g., virus information, common port usage information, etc.), an analyst must search separate data repositories corresponding to each desired type of information. For example, an analyst interested in activity on a certain port will have to search one source for information on applications that commonly use the port, another source for virus information relating to the port, another source for games that use that port, etc. Accordingly, it is desirable to increase efficiency in security information searches.