Apparatus and method to automatically collect data regarding assets of a business entity
First Claim
1. A method for using a fingerprint to collect attribute data and recognize an asset, comprising the steps of:
- 1) opening a fingerprint file and reading the element ID code there from;
2) finding all attributes having ID codes that map to said element ID;
3) for an attribute of the element identified in step 1, determining the collection instruction associated with said attribute, and looking up the protocol to use in executing said collection instruction;
4) using the protocol designated for each collection instruction, executing the collection instruction and collecting attribute data about the element;
5) repeating steps 3 and 4 for each other attribute of the element identified in step 1 to collect all the attribute data regarding said element;
6) executing one or more rules included in said fingerprint or pointed to by said fingerprint to calculate the probability that the element identified in step 1 exists.
10 Assignments
0 Petitions
Accused Products
Abstract
A system to automatically gather attribute data about elements such as networks, network interface cards, operating systems, device types, installed software, processes in execution, financial data, etc. in an organization or a designated subset of the organization. Fingerprint files are used, each fingerprint file corresponding to an element of a specific type and each containing a list of attributes that will be found if that element exists in the system. Each fingerprint contains or points to one or more collection instructions which control a data collector process to attempt to gather attribute data. Each fingerprint contains or points to rules that are used to analyze the attribute data gathered to calculate the probability that the element exists. The rules can be fired sequentially, in if-then-else fashion or can be incorporated in a script in loops and with mathematical manipulations, tests and branching for more sophisticated analysis. Fingerprints can be turned on and off by configuration data and can be used in a logical order to do discovery without any prior knowledge of the systems being analyzed. A refresh schedule and collection calendar control how often the fingerprints are used in some embodiments, and collected data is stored with time stamps to enable analysis of changes in the data over time.
-
Citations
20 Claims
-
1. A method for using a fingerprint to collect attribute data and recognize an asset, comprising the steps of:
-
1) opening a fingerprint file and reading the element ID code there from;
2) finding all attributes having ID codes that map to said element ID;
3) for an attribute of the element identified in step 1, determining the collection instruction associated with said attribute, and looking up the protocol to use in executing said collection instruction;
4) using the protocol designated for each collection instruction, executing the collection instruction and collecting attribute data about the element;
5) repeating steps 3 and 4 for each other attribute of the element identified in step 1 to collect all the attribute data regarding said element;
6) executing one or more rules included in said fingerprint or pointed to by said fingerprint to calculate the probability that the element identified in step 1 exists. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for using a fingerprint to collect attribute data and recognize an asset, comprising the steps of:
-
1) opening a fingerprint file and reading the element ID code there from;
2) finding all attributes having ID codes that map to said element ID;
3) for an attribute of the element identified in step 1, determining the collection instruction associated with said attribute, and looking up the protocol to use in executing said collection instruction;
4) using the protocol designated for each collection instruction, executing the collection instruction and collecting attribute data about the element;
5) repeating steps 3 and 4 for each other attribute of the element identified in step 1 to collect all the attribute data regarding said element;
6) finding and reading one or more rules included in the fingerprint file opened in step 1 or pointed to by said fingerprint, and, if the fingerprint selected in step 1 has more than one rule, executing said rules in an if-then-else sequence with the path of execution of said rules determined by branching on tests and results of application of previous rules to calculate the probability that the element identified in step 1 exists; and
7) making an entry in a data table recording the element and its attribute data. - View Dependent Claims (8, 9)
-
-
10. A method for using a fingerprint to collect attribute data and recognize an asset, comprising the steps of:
-
1) opening a fingerprint file and reading the element ID code there from;
2) finding all attribute having ID codes that map to said element ID;
3) for an attribute of the element identified in step 1, determining the collection instruction associated with said attribute, and looking up the protocol to use in executing said collection instruction;
4) using the protocol designated for each collection instruction, executing the collection instruction and collecting attribute data about the element;
5) repeating steps 3 and 4 for each other attribute of the element identified in step 1 to collect all the attribute data regarding said element;
6) finding and reading a script containing one or more rules and possibly including looping or other iterative program structure, branching and/or mathematical manipulations, said script included in the fingerprint file opened in step 1 or pointed to by said fingerprint, and, executing said script to calculate the probability that the element identified in step 1 exists; and
7) making an entry in an element and data tables recording the element and its attribute data. - View Dependent Claims (11, 12)
-
-
13. A method for using a fingerprint to collect attribute data and recognize an asset, comprising the steps of:
-
1) opening a fingerprint file for one of one or more network fingerprints and reading the element ID code therefrom;
2) finding all attribute having ID codes that map to said element ID;
3) for an attribute of the element identified in step 1, determining the collection instruction associated with said attribute, and looking up the protocol to use in executing said collection instruction;
4) using the protocol designated for each collection instruction, executing the collection instruction and collecting attribute data about the element;
5) repeating steps 3 and 4 for each other attribute of the element identified in step 1 to collect all the attribute data regarding said element;
6) executing one or more rules included in said fingerprint or pointed to by said fingerprint to calculate the probability that the element identified in step 1 exists;
7) making an entry in a data table for a network of the type identified in said fingerprint opened in step 1 if such a network was found, said entry including the network attributes, but, if no network was found, repeating steps 1 through 6 using another of said one or more network fingerprints, and repeating steps 1 through 7 for all network fingerprints available;
8) for each found network, picking other fingerprints in a predetermined logical order set by configuration data and executing steps 1 through 6 for each said fingerprint to find all the elements of interest associated with devices on each network, and making an entry in an element and data table for each element for which a fingerprint was executed including the attributes of said element and performing this step 8 in such a way in each iteration through steps 1 through 7 that said data table is structured to shown the relationships between elements such that it is known which elements exist on which devices on which networks.
-
-
14. An article of manufacture comprising:
a computer useable medium having computer readable program code embodied therein for automatically using fingerprint files to control the automated collection of attribute data about elements of an organization and analyze said attribute data to determine the probability of existence or nonexistence of various elements, the computer readable program code comprising;
1) a computer readable program code segment for controlling a computer to open a fingerprint file and reading the element ID code therefrom;
2) a computer readable program code segment for controlling a computer to find all attributes having ID codes that map to said element ID;
3) a computer readable program code segment for controlling a computer to, for an attribute of the element identified by code segment 1, determine the collection instruction associated with said attribute, and look up the protocol to use in executing said collection instruction;
4) a computer readable program code segment for controlling a computer to use the protocol designated for each collection instruction, and execute the collection instruction and collect attribute data about the element;
5) a computer readable program code segment for controlling a computer to repeat the processing of code segments 3 and 4 for each other attribute of the element identified by code segment 1 to collect all the attribute data regarding said element;
6) a computer readable program code segment for controlling a computer to execute one or more rules included in said fingerprint or pointed to by said fingerprint to calculate the probability that the element identified in step 1 exists and to make an instance entry in an element and data table for each found element. - View Dependent Claims (15, 16, 17)
-
18. An article of manufacture comprising:
a computer useable medium having computer readable program code embodied therein for automatically using fingerprint files to control the automated collection of attribute data about elements of an organization and analyze said attribute data to determine the probability of existence or nonexistence of various elements, the computer readable program code comprising;
1) a code segment to control a computer to select and open a fingerprint file and read the element ID code therefrom;
2) a code segment to control a computer to find all attribute having ID codes that map to said element ID;
3) a code segment to control a computer to, for an attribute of the element identified by code segment 1, determine the collection instruction associated with said attribute, and look up the protocol to use in executing said collection instruction;
4) a code segment to control a computer to use the protocol designated for each collection instruction, and execute the collection instruction and collecting attribute data about the element;
5) a code segment to control a computer to repeat the procesing of code segments 3 and 4 for each other attribute of the element identified by code segment 1 to collect all the attribute data regarding said element;
6) a code segment to control a computer to find and read a script containing one or more rules and possibly including looping or other iterative program structure, branching and/or mathematical manipulations, said script included in the fingerprint file selected and opened by code segment 1 or pointed to by said fingerprint, and, execute said script to calculate the probability that the element identified by code segment 1 exists; and
7) a code segment to control a computer to make an entry in a data table recording the element and its attribute data.
-
19. An article of manufacture comprising:
a computer useable medium having computer readable program code embodied therein for automatically using fingerprint files to control the automated collection of attribute data about elements of an organization and analyze said attribute data to determine the probability of existence or nonexistence of various elements, the computer readable program code comprising;
1) a computer useable code segment to control a computer to open a fingerprint file and read the element ID code therefrom;
2) a computer useable code segment to control a computer to find all attribute having ID codes that map to said element ID;
3) a computer useable code segment to control a computer to, for an attribute of the element identified in step 1, determine the collection instruction associated with said attribute, and look up the protocol to use in executing said collection instruction;
4) a computer useable code segment to control a computer to use the protocol designated for each collection instruction, execute the collection instruction and collect attribute data about the element;
5) a computer useable code segment to control a computer to repeat the processing of code segments 3 and 4 for each other attribute of the element identified by code segment 1 to collect all the attribute data regarding said element;
6) a computer useable code segment to control a computer to find and read one or more rules included in the fingerprint file opened by code segment 1 or pointed to by said fingerprint, and, if the fingerprint selected by code segment 1 has more than one rule, controlling said computer to execute said rules in an if-then-else sequence with the path of execution of said rules determined by branching on tests and results of application of previous rules to calculate the probability that the element identified by code segment 1 exists; and
7) a computer useable code segment to control a computer to make an entry in an element and data table recording the element and its attribute data.
-
20.
Specification