Extended user session tracking
First Claim
Patent Images
1. A system, comprising:
- a processor configured to;
receive network activity data;
use the received network activity data to identify a user login activity on a first machine; and
generate a logical graph comprising a plurality of edges and nodes, wherein generating the logical graph includes linking the user login activity on the first machine to;
at least one of;
(1) a first node corresponding to a user associated with the user login activity on the first machine, and (2) a second node corresponding to a process executed on the first machine; and
a memory coupled to the processor and configured to provide the processor with instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
Network activity data is received, for example, from a set of agents reporting collectively information about a set of hosts. The received network activity data is used to identify a user login activity. A logical graph that links the user login activity to at least one user and at least one process is generated.
-
Citations
37 Claims
-
1. A system, comprising:
-
a processor configured to; receive network activity data; use the received network activity data to identify a user login activity on a first machine; and generate a logical graph comprising a plurality of edges and nodes, wherein generating the logical graph includes linking the user login activity on the first machine to;
at least one of;
(1) a first node corresponding to a user associated with the user login activity on the first machine, and (2) a second node corresponding to a process executed on the first machine; anda memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method, comprising:
-
receiving network activity data; using the received network activity data to identify a user login activity on a first machine; and generating a logical graph comprising a plurality of edges and nodes, wherein generating the logical graph includes linking the user login activity on the first machine to;
at least one of;
(1) a first node corresponding to a user associated with the user login activity on the first machine, and (2) a second node corresponding to a process executed on the first machine. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A computer program product embodied in a tangible computer readable storage medium and comprising computer instructions for:
-
receiving network activity data; using the received network activity data to identify a user login activity on a first machine; and generating a logical graph comprising a plurality of edges and nodes, wherein generating the logical graph includes linking the user login activity on the first machine to;
at least one of;
(1) a first node corresponding to a user associated with the user login activity on the first machine, and (2) a second node corresponding to a process executed on the first machine.
-
Specification