Automatic determination of user roles and asset types based on network monitoring
Abstract
Embodiments are directed to monitoring network traffic to determine users and assets based on the network traffic. A user role model may assign a user role and provide a role confidence score for the users based on network traffic associated with the users. An asset model may assign an asset type and provide an asset confidence score for the assets based on network traffic associated with the assets. The users may be associated with assets based on the network traffic. The role confidence scores provided for the users may be modified based on the asset type assigned to assets associated with the users. The asset confidence score provided for the assets may be modified based on the user role assigned to the users associated with the assets. A report that includes information about the user roles and the asset types may be provided.
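The cross-adjustment described in the abstract, sketched as an added example that is not taken from the patent. The flow records, the port heuristics, the `COMPATIBLE` table standing in for the previously determined inferences, and the fixed `STEP` adjustment are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed flow records: (user, asset, server_port). Not real traffic.
FLOWS = [
    ("alice", "10.0.0.5", 5432), ("alice", "10.0.0.5", 5432),
    ("alice", "10.0.0.9", 22),
    ("bob", "10.0.0.9", 22), ("bob", "10.0.0.7", 22), ("bob", "10.0.0.5", 22),
    ("carol", "10.0.0.7", 443), ("carol", "10.0.0.7", 443),
]
# Assumed heuristics: which server port hints at which role / asset type.
PORT_ROLE = {5432: "dba", 22: "sysadmin", 443: "web_user"}
PORT_ASSET = {5432: "database", 22: "admin_host", 443: "web_server"}
# Assumed prior inferences: role / asset-type pairs that corroborate each other.
COMPATIBLE = {("dba", "database"), ("sysadmin", "admin_host"),
              ("sysadmin", "database"), ("web_user", "web_server")}
STEP = 0.1  # assumed confidence adjustment per user-asset association


def classify(flows, key_index, port_map):
    """Give each entity its majority label, with that label's vote share as confidence."""
    votes = defaultdict(Counter)
    for flow in flows:
        votes[flow[key_index]][port_map[flow[2]]] += 1
    result = {}
    for entity, counts in votes.items():
        label, n = counts.most_common(1)[0]
        result[entity] = (label, n / sum(counts.values()))
    return result


def cross_adjust(flows):
    """Run both models, then let each user-asset association move both scores."""
    roles = classify(flows, 0, PORT_ROLE)     # user role model
    assets = classify(flows, 1, PORT_ASSET)   # asset model
    role_conf = {u: c for u, (_, c) in roles.items()}
    asset_conf = {a: c for a, (_, c) in assets.items()}
    for user, asset in sorted({(f[0], f[1]) for f in flows}):
        agrees = (roles[user][0], assets[asset][0]) in COMPATIBLE
        delta = STEP if agrees else -STEP
        role_conf[user] = min(1.0, max(0.0, role_conf[user] + delta))
        asset_conf[asset] = min(1.0, max(0.0, asset_conf[asset] + delta))
    return {  # the report: assigned labels with adjusted confidence scores
        "users": {u: (roles[u][0], round(role_conf[u], 2)) for u in roles},
        "assets": {a: (assets[a][0], round(asset_conf[a], 2)) for a in assets},
    }


if __name__ == "__main__":
    print(cross_adjust(FLOWS))
```

In this constructed data the asset `10.0.0.5` starts at a confidence of about 0.67 as a database and ends at 0.87, because both users associated with it hold roles that corroborate that type.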
442 Citations
28 Claims
1. A method for monitoring network traffic using one or more network monitoring computers, comprising:
monitoring network traffic to determine a plurality of users and a plurality of assets based on one or more characteristics of the network traffic;
employing a user role model to assign a user role and provide a role confidence score to each of the plurality of users based on a portion of the network traffic associated with the plurality of users, wherein one or more previously determined inferences for the user role or previously determined inferences for the role confidence score are associated with the user role model;
employing an asset model to assign an asset type and provide an asset confidence score to each of the plurality of assets based on another portion of the network traffic associated with the plurality of assets, wherein one or more previously determined inferences for the asset type or previously determined inferences for the asset confidence score are associated with the asset model;
associating one or more users of the plurality of users with one or more assets of the plurality of assets based on the network traffic;
comparing the one or more previously determined inferences of the user role to the one or more previously determined inferences of the asset type;
modifying the role confidence score provided to the one or more users based on the asset type assigned to the one or more assets associated with the one or more users and a result of the comparison;
modifying the asset confidence score provided to the one or more assets based on the user role assigned to the one or more users associated with the one or more assets and the result of the comparison; and
employing geolocation information provided by a global positioning system (GPS) device to select one or more features, including a time zone, spoken language, or calendar format that is used in one or more of monitoring network traffic, user interfaces, or databases to provide a report that includes information about the result of the comparison, the one or more user roles, and the one or more asset types.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A network monitoring computer (NMC) for monitoring network traffic between one or more computers, comprising:
a transceiver that communicates over the network;
a memory that stores at least instructions; and
one or more processors that execute instructions that perform actions, including:
monitoring network traffic to determine a plurality of users and a plurality of assets based on one or more characteristics of the network traffic;
employing a user role model to assign a user role and provide a role confidence score to each of the plurality of users based on a portion of the network traffic associated with the plurality of users, wherein one or more previously determined inferences for the user role or previously determined inferences for the role confidence score are associated with the user role model;
employing an asset model to assign an asset type and provide an asset confidence score to each of the plurality of assets based on another portion of the network traffic associated with the plurality of assets, wherein one or more previously determined inferences for the asset type or previously determined inferences for the asset confidence score are associated with the asset model;
associating one or more users of the plurality of users with one or more assets of the plurality of assets based on the network traffic;
comparing the one or more previously determined inferences of the user role to the one or more previously determined inferences of the asset type;
modifying the role confidence score provided to the one or more users based on the asset type assigned to the one or more assets associated with the one or more users and a result of the comparison;
modifying the asset confidence score provided to the one or more assets based on the user role assigned to the one or more users associated with the one or more assets and the result of the comparison; and
employing geolocation information provided by a global positioning system (GPS) device to select one or more features, including a time zone, spoken language, or calendar format that is used in one or more of monitoring network traffic, user interfaces, or databases to provide a report that includes information about the result of the comparison, the one or more user roles, and the one or more asset types.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A processor readable non-transitory storage media that includes instructions for monitoring network traffic using one or more network monitoring computers (NMC), wherein execution of the instructions by the one or more NMCs perform the method comprising:
monitoring network traffic to determine a plurality of users and a plurality of assets based on one or more characteristics of the network traffic;
employing a user role model to assign a user role and provide a role confidence score to each of the plurality of users based on a portion of the network traffic associated with the plurality of users, wherein one or more previously determined inferences for the user role or previously determined inferences for the role confidence score are associated with the user role model;
employing an asset model to assign an asset type and provide an asset confidence score to each of the plurality of assets based on another portion of the network traffic associated with the plurality of assets, wherein one or more previously determined inferences for the asset type or previously determined inferences for the asset confidence score are associated with the asset model;
associating one or more users of the plurality of users with one or more assets of the plurality of assets based on the network traffic;
comparing the one or more previously determined inferences of the user role to the one or more previously determined inferences of the asset type;
modifying the role confidence score provided to the one or more users based on the asset type assigned to the one or more assets associated with the one or more users and a result of the comparison;
modifying the asset confidence score provided to the one or more assets based on the user role assigned to the one or more users associated with the one or more assets and the result of the comparison; and
employing geolocation information provided by a global positioning system (GPS) device to select one or more features, including a time zone, spoken language, or calendar format that is used in one or more of monitoring network traffic, user interfaces, or databases to provide a report that includes information about the result of the comparison, the one or more user roles, and the one or more asset types.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A system for monitoring network traffic in a network:
one or more network monitoring computers (NMCs), comprising:
a transceiver that communicates over the network;
a memory that stores at least instructions; and
one or more processors that execute instructions that perform actions, including:
monitoring network traffic to determine a plurality of users and a plurality of assets based on one or more characteristics of the network traffic;
employing a user role model to assign a user role and provide a role confidence score to each of the plurality of users based on a portion of the network traffic associated with the plurality of users, wherein one or more previously determined inferences for the user role or previously determined inferences for the role confidence score are associated with the user role model;
employing an asset model to assign an asset type and provide an asset confidence score to each of the plurality of assets based on another portion of the network traffic associated with the plurality of assets, wherein one or more previously determined inferences for the asset type or previously determined inferences for the asset confidence score are associated with the asset model;
associating one or more users of the plurality of users with one or more assets of the plurality of assets based on the network traffic;
comparing the one or more previously determined inferences of the user role to the one or more previously determined inferences of the asset type;
modifying the role confidence score provided to the one or more users based on the asset type assigned to the one or more assets associated with the one or more users and a result of the comparison;
modifying the asset confidence score provided to the one or more assets based on the user role assigned to the one or more users associated with the one or more assets and the result of the comparison; and
employing geolocation information provided by a global positioning system (GPS) device to select one or more features, including a time zone, spoken language, or calendar format that is used in one or more of monitoring network traffic, user interfaces, or databases to provide a report that includes information about the result of the comparison, the one or more user roles, and the one or more asset types; and
one or more client computers, comprising:
a transceiver that communicates over the network;
a memory that stores at least instructions; and
one or more processors that execute instructions that perform actions, including:
providing one or more portions of the portion of the network traffic associated with the plurality of users.
Dependent claims: 23, 24, 25, 26, 27, 28
Specification