Directing audited data traffic to specific repositories
Abstract
Data traffic is monitored on a network with data access elements thereof collected and compared to security rules. An audit data collection is sent to a repository responsive to data access elements matching a condition of the security rules, where security rules having the condition designate the audit data collection and repository. A tag to data traffic is applied responsive to the matching condition. Comparing of collected data access elements to the corresponding security rules having the matching condition is discontinued responsive to applying the tag. The tag indicates a repository and the data traffic includes a connection and session. An audit data collection is sent to the repository indicated by the tag for a data access responsive to the tag in the tagged data traffic. The method continues sending audit data for future data accesses in the tagged data traffic without comparing to the corresponding security rules again.
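The tag-then-skip flow the abstract describes, sketched as an added example (not code from the patent or any product; the rule names, repository names, field names and sample traffic are constructed for illustration). It also shows the practical consequence: once a session is tagged, later accesses in it are sent to the tagged repository even when they would not match the rule's condition on their own.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    condition: Callable[[dict], bool]  # predicate over collected data access elements
    repository: str                    # repository this rule designates
    fields: tuple                      # elements that make up the audit data collection

class Auditor:
    def __init__(self, rules):
        self.rules = rules
        self.tags = {}          # session id -> {rule name: repository}
        self.repositories = {}  # repository -> list of audit records
        self.comparisons = 0    # number of rule conditions actually evaluated

    def observe(self, session_id, access):
        tags = self.tags.setdefault(session_id, {})
        for rule in self.rules:
            if rule.name not in tags:
                self.comparisons += 1
                if not rule.condition(access):
                    continue
                # Match: tag the session so this rule is not compared again.
                tags[rule.name] = rule.repository
            # Tagged traffic is routed by the tag alone.
            record = {k: access[k] for k in rule.fields}
            self.repositories.setdefault(tags[rule.name], []).append(record)

def run_demo():
    rules = [
        Rule("privileged-user", lambda a: a["db_user"] == "dba_admin",
             "repo-privileged", ("db_user", "sql")),
        Rule("card-table", lambda a: " cards" in a["sql"],
             "repo-pci", ("client_ip", "sql")),
    ]
    # Constructed sample traffic: (session id, data access elements)
    dba = {"client_ip": "10.0.0.5", "db_user": "dba_admin"}
    app = {"client_ip": "10.0.0.9", "db_user": "app"}
    traffic = [
        ("s1", {**dba, "sql": "SELECT 1"}),
        ("s1", {**dba, "sql": "SELECT * FROM orders"}),
        ("s1", {**dba, "sql": "SELECT pan FROM cards"}),
        ("s1", {**dba, "sql": "SELECT * FROM orders"}),
        ("s2", {**app, "sql": "SELECT * FROM orders"}),
    ]
    auditor = Auditor(rules)
    for session_id, access in traffic:
        auditor.observe(session_id, access)
    return auditor
```

Five accesses against two rules would cost ten comparisons without tagging; here the count is six, and the fourth access in session s1 reaches repo-pci purely because of the tag.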
20 Claims
1. A computer-implemented method for auditing data traffic, the computer-implemented method comprising:
- monitoring data traffic on a network and collecting data access elements of the data traffic;
- comparing the collected data access elements to security rules;
- sending an audit data collection to a repository in response to one or more compared data access elements of a data access matching a condition of one of the security rules, wherein the one of the security rules having the condition designates the audit data collection and the repository;
- applying, in response to the matching the condition, a tag to the data traffic of the data access and discontinuing, responsive to applying the tag, the comparing of the collected data access elements to the corresponding one of the security rules having the matching condition, wherein the tag indicates the repository and the data traffic includes at least one of a connection and session; and
- sending, in response to the tag in the tagged data traffic, the audit data collection to the repository indicated by the tag for the data access, wherein the computer-implemented method continues sending audit data for future data accesses that are in the tagged data traffic without the comparing to the corresponding one of the security rules again.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
- at least one hardware computing processor; and
- a non-transitory computer-readable storage media connected to the at least one hardware computing processor, wherein the non-transitory computer-readable storage media has stored thereon a data traffic auditing program for controlling the at least one hardware computing processor, and wherein the at least one hardware computing processor is operative with the data traffic auditing program to execute for;
- monitoring data traffic on a network and collecting data access elements of the data traffic;
- comparing the collected data access elements to security rules;
- sending an audit data collection to a repository in response to one or more compared data access elements of a data access matching a condition of one of the security rules, wherein the one of the security rules having the condition designates the audit data collection and the repository;
- applying, in response to the matching the condition, a tag to the data traffic of the data access and discontinuing, responsive to applying the tag, the comparing of the collected data access elements to the corresponding one of the security rules having the matching condition, wherein the tag indicates the repository and the data traffic includes at least one of a connection and session; and
- sending, in response to the tag in the tagged data traffic, the audit data collection to the repository indicated by the tag for the data access, wherein the system continues sending audit data for future data accesses that are in the tagged data traffic without the comparing to the corresponding one of the security rules again.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer program product for auditing data traffic, the non-transitory computer program product comprising:
- a non-transitory computer-readable storage medium; and
- computer-readable program code embodied in the non-transitory computer-readable storage medium, wherein the computer-readable program code is configured to cause at least one computing processor to;
- monitoring data traffic on a network and collecting data access elements of the data traffic;
- comparing the collected data access elements to security rules;
- sending an audit data collection to a repository in response to one or more compared data access elements of a data access matching a condition of one of the security rules, wherein the one of the security rules having the condition designates the audit data collection and the repository;
- applying, in response to the matching the condition, a tag to the data traffic of the data access and discontinuing, responsive to applying the tag, the comparing of the collected data access elements to the corresponding one of the security rules having the matching condition, wherein the tag indicates the repository and the data traffic includes at least one of a connection and session; and
- sending, in response to the tag in the tagged data traffic, the audit data collection to the repository indicated by the tag for the data access, wherein the computer-readable program code is further configured to cause the at least one computing processor to sending audit data for future data accesses that are in the tagged data traffic without the comparing to the corresponding one of the security rules again.
Dependent claims: 16, 17, 18, 19, 20