Data movement perimeter monitoring
Abstract
System and methods for improving data movement perimeter monitoring and detecting non-compliant data movement within a computing environment include generating a forwarding configuration associated with activity logs, such as activity logs associated with a test environment. The forwarding configuration includes specific fields and file types or the contents of those specific fields and files that facilitate perimeter monitoring or otherwise determining which activity log data elements are needed by an operational intel tool to reduce the amount of data input or analyzed by the operational intel tool, and thus, to reduce its processing load. The forwarding configuration is input into the operational intel tool. Mainframe data is normalized and analyzed to identify abnormal data flows and to generate electronic alerts to facilitate perimeter monitoring. False positives are identified before the alerts are communicated.
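The stages the abstract lists (reduce by forwarding configuration, normalize, filter noise, identify an abnormal flow, check exceptions, alert) can be sketched as follows. This is an added illustration, not code from the patent; every field name, record type, policy table and log record in it is a constructed assumption.

```python
# Added illustration, not from the patent: names, policies and records are constructed.
FORWARD_TYPES = {"FTP", "XMIT"}                      # forwarding config: record types
FORWARD_FIELDS = ("env", "user", "dataset", "dest", "bytes")  # forwarding config: fields
ENV_ALIASES = {"T": "TEST", "TST": "TEST", "P": "PROD", "PRD": "PROD"}
NOISE_USERS = {"BACKUPJOB"}                          # scheduled transfers treated as noise
APPROVED_DESTS = {"TEST": {"test-nas"}, "PROD": {"prod-nas", "dr-site"}}
EXCEPTIONS = {("JSMITH", "PROD.PAYROLL.EXTRACT", "vendor-sftp")}  # pre-approved moves
SAMPLE_LOG = [  # constructed event-log records
    {"type": "LOGON", "env": "P", "user": "ops1"},
    {"type": "FTP", "env": "prd", "user": "jsmith ", "dataset": "prod.payroll.extract", "dest": "Vendor-SFTP", "bytes": "1048576", "jobname": "J1"},
    {"type": "FTP", "env": "P", "user": "BACKUPJOB", "dataset": "PROD.DB.DUMP", "dest": "offsite-x", "bytes": 9000000},
    {"type": "XMIT", "env": "TST", "user": "adoe", "dataset": "TEST.CUST.COPY", "dest": "prod-nas", "bytes": 2048},
    {"type": "FTP", "env": "PROD", "user": "ops1", "dataset": "PROD.LEDGER", "dest": "dr-site", "bytes": 512},
]

def reduce_record(raw):
    """Keep only configured record types and fields, before ingestion."""
    if raw.get("type") not in FORWARD_TYPES:
        return None
    return {k: raw.get(k) for k in FORWARD_FIELDS}

def normalize(rec):
    """Standardize names and values that differ between environments."""
    env = str(rec["env"]).strip().upper()
    return {
        "env": ENV_ALIASES.get(env, env),
        "user": str(rec["user"]).strip().upper(),
        "dataset": str(rec["dataset"]).strip().upper(),
        "dest": str(rec["dest"]).strip().lower(),
        "bytes": int(rec["bytes"]),
    }

def monitor(raw_log):
    """Return (findings kept for the dashboard, alerts actually issued)."""
    findings, alerts = [], []
    for raw in raw_log:
        reduced = reduce_record(raw)
        if reduced is None:
            continue
        rec = normalize(reduced)
        if rec["user"] in NOISE_USERS:          # noise filter runs before detection
            continue
        if rec["dest"] in APPROVED_DESTS.get(rec["env"], set()):
            continue                            # expected flow, not an anomaly
        excepted = (rec["user"], rec["dataset"], rec["dest"]) in EXCEPTIONS
        findings.append(dict(rec, excepted=excepted))
        if not excepted:                        # alert only when no exception applies
            alerts.append(rec)
    return findings, alerts
```

On the constructed log, two anomalies are recorded but only the one without a matching exception raises an alert; the backup job never reaches the anomaly check.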
25 Claims
1. A computer-implemented method for improving the functioning of a computer for perimeter monitoring of data movement of data, the computer-implemented method comprising:
generating, by an electronic processor, a forwarding configuration associated with a mainframe event log, the forwarding configuration including specific data fields and file types that facilitate the perimeter monitoring of data movement;
reducing an amount of data contained in the mainframe event log to the specific data fields and file types based on the forwarding configuration;
ingesting, by the electronic processor, the specific data fields and file types into an operational intel tool in real-time to create raw data;
normalizing, by the electronic processor, the raw data, including standardizing the raw data from different computing environments, to create normalized data;
filtering, by the electronic processor, the normalized data to remove unwanted noise;
identifying a data movement anomaly in the filtered normalized data;
determining, by the electronic processor, whether the data movement anomaly meets an exception;
visually communicating, by the electronic processor, identification of the data movement anomaly on an electronic display, and saving the identification of the data movement anomaly in an electronic memory; and
issuing, by the electronic processor, an electronic alert if the identified data movement anomaly does not meet the exception, wherein filtering the normalized data to remove unwanted noise comprises filtering the normalized data to remove unwanted noise to reduce a number of false electronic alerts.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer-implemented method for improving the functioning of a computer for perimeter monitoring of data movement of data, the computer-implemented method comprising:
generating, by an electronic processor, a forwarding configuration associated with a mainframe event log, the forwarding configuration including specific data fields and file types that facilitate the perimeter monitoring of data movement;
reducing an amount of data contained in the mainframe event log to the specific data fields and file types based on the forwarding configuration;
ingesting, by the electronic processor, the specific data fields and file types into an operational intel tool in real-time to create raw data;
normalizing, by the electronic processor, the raw data, including standardizing different file names, different file formats, and data values from different computing environments, to create normalized data;
filtering, by the electronic processor, the normalized data to remove unwanted noise comprising identifying and categorizing data movement in the normalized data;
identifying a data movement anomaly in the filtered normalized data;
determining, by the electronic processor, whether the data movement anomaly meets an exception;
visually communicating, by the electronic processor, identification of the data movement anomaly on an electronic display in the form of a dashboard report, and saving the identification of the data movement anomaly in an electronic memory; and
issuing, by the electronic processor, an electronic alert if the identified data movement anomaly does not meet the exception, and saving the electronic alert in the electronic memory, wherein filtering the normalized data to remove unwanted noise comprises filtering the normalized data to remove unwanted noise to reduce a number of false electronic alerts.
14. A system for perimeter monitoring of data movement of data, the system comprising:
an electronic memory element configured to store information; and
an electronic processor configured to:
generate a forwarding configuration associated with a mainframe event log, the forwarding configuration including specific data fields and file types that facilitate the perimeter monitoring of data movement;
reduce an amount of data contained in the mainframe event log to the specific data fields and file types based on the forwarding configuration;
ingest the specific data fields and file types into an operational intel tool in real-time to create raw data,
normalize the raw data, including standardizing the raw data from different computing environments, to create normalized data,
filter the normalized data to remove unwanted noise,
identify a data movement anomaly in the filtered normalized data,
determine whether the data movement anomaly meets an exception,
visually communicate identification of the data movement anomaly on an electronic display, and saving the identification of the data movement anomaly in the electronic memory, and
issue an electronic alert if the identified data movement anomaly does not meet the exception, wherein to filter the normalized data to remove unwanted noise comprises to filter the normalized data to remove unwanted noise to reduce a number of false electronic alerts.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
Specification