Systems and methods for computer environment situational awareness
First Claim
1. A system for monitoring states of operation of assets in a network of computer devices, the system comprising:
- one or more servers communicatively coupled to a computer network, the one or more servers include;
a controller engine, executed by one or more hardware processors of the one or more servers, configured to identify a target asset of the computer network;
a scheduling engine, executed by the one or more hardware processors of the one or more servers, configured to establish a communication link with a computing device associated with the target asset; and
an asset profiling engine, executed by the one or more hardware processors of the one or more servers, configured to;
transmit, via the communication link, according to a hierarchical profiling scheme defining a plurality of profiling steps, a plurality of sequential profiling queries to the computing device, each profiling step of the plurality of profiling steps associated with a corresponding profiling query that includes a corresponding set of parameters to be requested, the corresponding set of parameters associated with corresponding criteria or threshold values;
receive, at each profiling step, from the computing device via the communication link, a respective set of parameter values corresponding to the set of parameters in the profiling query associated with the profiling step;
compare, at each profiling step, the respective set of parameter values to the criteria or threshold values associated with the corresponding set of parameters in the corresponding profiling query to determine a following profiling step or a state of operation of the target asset; and
determine the state of operation of the target asset based on comparing a set of parameter values associated with a final profiling query of the plurality of sequential profiling queries to corresponding criteria or threshold values, the state of operation indicative of an abnormal behavior associated with the target asset.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.
-
Citations
18 Claims
-
1. A system for monitoring states of operation of assets in a network of computer devices, the system comprising:
one or more servers communicatively coupled to a computer network, the one or more servers include; a controller engine, executed by one or more hardware processors of the one or more servers, configured to identify a target asset of the computer network; a scheduling engine, executed by the one or more hardware processors of the one or more servers, configured to establish a communication link with a computing device associated with the target asset; and an asset profiling engine, executed by the one or more hardware processors of the one or more servers, configured to; transmit, via the communication link, according to a hierarchical profiling scheme defining a plurality of profiling steps, a plurality of sequential profiling queries to the computing device, each profiling step of the plurality of profiling steps associated with a corresponding profiling query that includes a corresponding set of parameters to be requested, the corresponding set of parameters associated with corresponding criteria or threshold values; receive, at each profiling step, from the computing device via the communication link, a respective set of parameter values corresponding to the set of parameters in the profiling query associated with the profiling step; compare, at each profiling step, the respective set of parameter values to the criteria or threshold values associated with the corresponding set of parameters in the corresponding profiling query to determine a following profiling step or a state of operation of the target asset; and determine the state of operation of the target asset based on comparing a set of parameter values associated with a final profiling query of the plurality of sequential profiling queries to corresponding criteria or threshold values, the state of operation indicative of an abnormal behavior associated with the target asset. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. A method of monitoring states of operation of assets in a network of computer devices, the method comprising:
-
identifying, by one or more computer devices, a target asset of the computer network; establishing, by the one or more computer devices, a communication link with a computing device associated with the target asset; transmitting, by the one or more computer devices, via the communication link, a plurality of sequential profiling queries to the computing device according to a hierarchical profiling scheme defining a plurality of profiling steps, each profiling step of the plurality of profiling steps associated with a corresponding profiling query that includes a corresponding set of parameters to be requested, the corresponding set of parameters associated with corresponding criteria or threshold values; receiving, by the one or more computer devices, at each profiling step via the communication link, a respective set of parameter values corresponding to the set of parameters in the profiling query associated with the profiling step; comparing, by the one or more computer devices at each profiling step, the respective set of parameter values to the criteria or threshold values associated with the corresponding set of parameters in the corresponding profiling query to determine a following profiling step or a state of operation of the target asset; and determining, by the one or more computer devices, the state of operation of the target asset based on comparing a set of parameter values associated with a final profiling query of the plurality of sequential profiling queries to corresponding criteria or threshold values, the state of operation indicative of an abnormal behavior associated with the target asset. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer-readable medium with computer code instructions stored thereon, the computer code instructions when executed by one or more hardware processors cause the one or more hardware processors to:
-
identify a target asset of the computer network; establish a communication link with a computing device associated with the target asset; transmit, via the communication link, a plurality of sequential profiling queries to the computing device according to a hierarchical profiling scheme defining a plurality of profiling steps, each profiling step of the plurality of profiling steps associated with a corresponding profiling query that includes a corresponding set of parameters to be requested, the corresponding set of parameters associated with corresponding criteria or threshold values; receive at each profiling step via the communication link, a respective set of parameter values corresponding to the set of parameters in the profiling query associated with the profiling step; compare, at each profiling step, the respective set of parameter values to the criteria or threshold values associated with the corresponding set of parameters in the corresponding profiling query to determine a following profiling step or a state of operation of the target asset; and determine the state of operation of the target asset based on comparing a set of parameter values associated with a final profiling query of the plurality of sequential profiling queries to corresponding criteria or threshold values, the state of operation indicative of an abnormal behavior associated with the target asset.
-
Specification