×

Management apparatus and management method

  • US 10,430,582 B2
  • Filed: 07/15/2016
  • Issued: 10/01/2019
  • Est. Priority Date: 08/17/2015
  • Status: Active Grant
First Claim
Patent Images

1. A non-transitory computer-readable storage medium storing a computer program that causes a computer to perform a process comprising:

  • obtaining execution information about a first process generated or a first command executed by an information processing apparatus that performs a task in response to an execution instruction for executing the task, the execution information including an execution start time and an execution end time of the first process or the first command executed by the information processing apparatus;

    accumulating the execution start time and the execution end time of the first process or the first command as record information;

    creating a scheduled task list of the first process or the first command that the information processing apparatus is scheduled to execute during a predetermined time period, based on the execution information obtained about the first process or the first command, as well as based on a schedule of the execution instruction for the task;

    receiving alert information including information about a second process being generated or a second command being executed by the information processing apparatus when a security incident indicating an unauthorized action is detected in the information processing apparatus;

    calculating a scheduled execution time zone in which the first process or the first command is expected to be executed, based on the scheduled task list, the schedule, and the record information, and comparing detected date and time of the second process or the second command indicated by the alert information against the scheduled execution time zone;

    determining whether or not the detected date and time of the second process or the second command is included in the scheduled execution time zone calculated based on the scheduled task list that has been created based on the execution information and the schedule; and

    discarding the received alert information when the determining concludes that the detected date and time of the second process or the second command is included in the scheduled execution time zone.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×