Query engine for remote endpoint information retrieval
Abstract
Embodiments are disclosed herein for remote retrieval of information from endpoints and comprise receiving a master query at an endpoint in a network environment and executing a set of one or more subqueries defined in the master query. Embodiments also comprise an execution of a first subquery that includes executing a function to produce a first output, applying one or more conditions to the first output to determine a second output, and determining a result of the master query based, at least in part, on the second output. In specific embodiments, the master query is received from another node over a network connection. In more specific embodiments, the function is executed on the endpoint to collect real-time information based on one or more parameters. In further embodiments, the function is one of a plug-in or a script.
24 Claims
1. At least one machine readable storage medium comprising instructions that, when executed by at least one processor, cause the at least one processor to:
- receive a master query by a query engine in an endpoint in a network environment from a query service via a network of the environment;
- execute a set of one or more subqueries defined in the master query, wherein an execution of a first subquery of the set of one or more subqueries is to include:
  - causing a first function to execute on the endpoint to collect data associated with the endpoint and produce a first output based on the collected data;
  - applying one or more conditions to the first output to determine a first result; and
  - determining a result of the master query based, at least in part, on the first result; and
- responsive to the result of the master query indicating the endpoint is compromised, cause a script to be executed by the endpoint to perform a remedial action on the endpoint, wherein the remedial action performed includes one or more of: removing a file, deleting a file, terminating a process, rebooting, and shutting down.

Dependent claims 2 to 14 (not shown).
15. An apparatus, the apparatus being an endpoint in a network environment and comprising:
- at least one processor;
- a query engine operable to run on the at least one processor to:
  - receive a master query from a query service via a network of the network environment;
  - execute a set of one or more subqueries defined in the master query, wherein an execution of a first subquery of the set of one or more subqueries is to include:
    - causing a first function to execute to collect data associated with the apparatus and produce a first output based on the collected data;
    - applying one or more conditions to the first output to determine a first result; and
    - determining a result of the master query based, at least in part, on the first result; and
  - responsive to the result of the master query indicating the endpoint is compromised, cause a script to be executed by the endpoint to perform a remedial action on the endpoint, wherein the remedial action performed includes one or more of: removing a file, deleting a file, terminating a process, rebooting, and shutting down.

Dependent claims 16 to 21 (not shown).
22. A method, the method comprising:
- receiving a master query by a query engine of an endpoint in a network environment from a query service via a network of the environment;
- executing a set of one or more subqueries defined in the master query, wherein an execution of a first subquery of the set of one or more subqueries is to include:
  - causing a first function to execute on the endpoint to collect data associated with the endpoint and produce a first output based on the collected data;
  - applying one or more conditions to the first output to determine a first result; and
  - determining a result of the master query based, at least in part, on the first result; and
- responsive to the result of the master query indicating the endpoint is compromised, causing a script to be executed by the endpoint to perform a remedial action on the endpoint, wherein the remedial action performed includes one or more of: removing a file, deleting a file, terminating a process, rebooting, and shutting down.

Dependent claims 23 and 24 (not shown).
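As an added example (not the patent's own code), a minimal Python query engine with the structure the claims describe: a master query holds subqueries, each runs a named collector function over endpoint data, applies conditions to that function's output to get a per-subquery result, and the subquery results are combined into the master result; a "compromised" result hands the remedial actions to a dry-run handler that only records them. The collector names, the endpoint snapshot, the condition operators and the handler are all constructed for this example.

```python
import operator
from dataclasses import dataclass, field

# Condition operators applied to a collector's output (constructed set).
OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
       "contains": lambda out, expected: expected in out}

# Constructed endpoint snapshot standing in for live data collection.
SNAPSHOT = {
    "processes": [{"pid": 101, "name": "sshd"}, {"pid": 202, "name": "cryptominer"}],
    "files": ["/tmp/dropper.sh", "/etc/hosts"],
}

# Plug-in style collector functions keyed by name (the claimed "first function").
COLLECTORS = {
    "process_list": lambda params: [p["name"] for p in SNAPSHOT["processes"]],
    "file_exists": lambda params: params["path"] in SNAPSHOT["files"],
}

@dataclass
class Subquery:
    function: str          # collector to run
    params: dict           # parameters passed to the collector
    conditions: list       # (op, expected) pairs; all must hold for a True result

@dataclass
class MasterQuery:
    subqueries: list
    combine: str = "any"   # "any" or "all" subquery results mean compromised
    remediation: list = field(default_factory=list)  # (action, target) pairs

def run_subquery(sq):
    output = COLLECTORS[sq.function](sq.params)                 # first output
    return all(OPS[op](output, exp) for op, exp in sq.conditions)  # first result

def run_master_query(mq, remediate):
    results = [run_subquery(sq) for sq in mq.subqueries]
    compromised = any(results) if mq.combine == "any" else all(results)
    actions = remediate(mq.remediation) if compromised else []
    return compromised, results, actions

def dry_run_remediate(actions):
    # Stand-in for the remedial script: validates and records actions, performs none.
    allowed = {"remove_file", "delete_file", "terminate_process", "reboot", "shutdown"}
    return [a for a in actions if a[0] in allowed]

# Constructed master query: miner process present AND dropper on disk.
MQ = MasterQuery(
    subqueries=[Subquery("process_list", {}, [("contains", "cryptominer")]),
                Subquery("file_exists", {"path": "/tmp/dropper.sh"}, [("==", True)])],
    combine="all",
    remediation=[("terminate_process", "cryptominer"), ("remove_file", "/tmp/dropper.sh")],
)
```

Running `run_master_query(MQ, dry_run_remediate)` returns the compromised flag, the per-subquery results, and the recorded remedial actions; a query whose conditions fail returns no actions.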