Security Monitoring Tool for Computer Network
First Claim
1. A computer security monitoring method, comprising:
storing information about a plurality of known hosts, each of the known hosts being an entity of a computer network;
receiving data from one or more sources;
associating and storing at least some of the data and at least some information about a first of the known hosts with at least two hosts if it is determined that, based on the data, the information associated with the first known host is more accurately associated with the at least two hosts; and
associating and storing at least some of the data and at least some information about at least two of the known hosts with a single host if it is determined that, based on the data, the information associated with the at least two known hosts is more accurately associated with the single host.
Abstract
A security monitoring tool and method for a computer network receives data and determines whether the data is associated with a host already stored in a database. Based on the determination, the tool stores the data as a new host or associates it with an existing host. The tool also uses the received data to improve how previously stored data is associated with hosts. In one aspect, the tool determines whether the received data indicates that data currently associated with a stored host represents data for at least two hosts. If so, the tool splits the data into two hosts and associates the received data to the appropriate host. In another aspect, the tool determines whether the received data indicates that data currently associated with two or more hosts represent data for only one host. If so, the tool merges the data into one host and associates the received data with that host.
34 Claims
20. A computer security monitoring tool, comprising:
a database storing information on a plurality of known hosts, each known host being an entity of a computer network;
an interface module receiving data from one or more sources; and
a program module associating the data with hosts and storing the data in the database, the program module configured to—
split the information currently associated with one of the known hosts into at least two hosts if it is determined that, based on the data, the information currently associated with the one known host is more accurately associated with the at least two hosts; and
merge the information currently associated with at least two known hosts into a single host if it is determined that, based on the data, the information currently associated with the at least two hosts is more accurately associated with the single host.
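The split and merge behaviour described in the abstract and in claim 20, as an added illustration written for this page rather than the patent's own implementation. It assumes a MAC address identifies exactly one physical host while IP addresses and hostnames can be reassigned over time, and all identifiers below are constructed sample values.

```python
from dataclasses import dataclass, field

STRONG = ("mac",)            # assumed to identify exactly one physical host
WEAK = ("ip", "hostname")    # assumed reassignable between hosts over time


@dataclass
class Host:
    hid: int
    ids: dict = field(default_factory=dict)   # identifier kind -> value


class HostDatabase:
    def __init__(self):
        self.hosts, self._next, self.log = {}, 1, []

    def _new(self, ids):
        h = Host(self._next, dict(ids))
        self.hosts[h.hid] = h
        self._next += 1
        return h

    def observe(self, data):
        # Every stored host sharing at least one identifier with the received data.
        matches = [h for h in self.hosts.values()
                   if any(h.ids.get(k) == v for k, v in data.items())]
        keepers = []
        for h in matches:
            if any(k in data and k in h.ids and h.ids[k] != data[k] for k in STRONG):
                # Split: the matching weak identifiers now belong to a different host,
                # so detach them from h; they travel with the received data instead.
                for wk in WEAK:
                    if wk in data and h.ids.get(wk) == data[wk]:
                        del h.ids[wk]
                self.log.append(f"split {h.hid}")
            else:
                keepers.append(h)
        if not keepers:
            self.log.append("new")
            return self._new(data)
        keep, *rest = keepers
        for h in rest:
            # Records carrying different strong identifiers stay separate (ambiguous data).
            if any(k in keep.ids and k in h.ids and keep.ids[k] != h.ids[k] for k in STRONG):
                continue
            # Merge: the received data links these records, so they describe one host.
            keep.ids.update(h.ids)
            del self.hosts[h.hid]
            self.log.append(f"merge {h.hid}->{keep.hid}")
        keep.ids.update(data)
        return keep
```

Each call to `observe` either creates a host, associates the data with the one host it matches, merges the records it links, or splits off identifiers that the data shows have moved to another host.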