POLICY-BASED SELECTION OF REMEDIATION
First Claim
1. A computer-implemented method comprising:
- maintaining, by a remote server, a policy database having stored therein a plurality of policies each of which defines at least one parameter condition violation of which is potentially indicative of unauthorized activity or manipulation of a particular host asset of a plurality of monitored host assets;
- receiving, by a remote server, via a network coupling the plurality of monitored host assets in communication with the remote server, a value of a parameter of a host asset of the plurality of monitored host assets, wherein the parameter value is one of a plurality of parameter values that collectively characterize an operational state of the host asset at a particular point in time;
- determining whether a policy of the plurality of policies is violated based on the parameter value by:
  - retrieving, by the remote server from the policy database, one or more policies of the plurality of policies; and
  - evaluating, by the remote server, the one or more policies with reference to the parameter value; and
- when an affirmative determination regarding violation of the policy has been made:
  - retrieving, by the remote server from a remediation database associated with the remote server, at least one remediation for the host asset based on the policy; and
  - deploying, by the remote server, the at least one retrieved remediation to the host asset.
Abstract
Methods and systems for automatically determining one or more remediations for a remotely monitored host asset are provided. According to one embodiment, a policy database is maintained by a remote server. The database stores policies, each of which defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity or manipulation of the host asset. The remote server receives, via a network, a value of a parameter of the host asset. The parameter value is one of multiple parameter values that collectively characterize an operational state of the host asset. Whether a policy is violated is determined from the parameter value by retrieving one or more policies and evaluating them with reference to that value. When a policy violation is confirmed, a remediation is retrieved from a remediation database associated with the remote server and deployed to the host asset.
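An added example (not taken from the patent) of the server-side flow the abstract describes: evaluate the policies for a reported parameter value, then look up and deploy the remediations stored for each violated policy. The policy format, parameter names, remediation strings and the `deploy` callback are assumptions made for illustration.

```python
import operator
from dataclasses import dataclass
# Hypothetical condition operators; the page does not define a policy syntax.
OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt, ">": operator.gt}

@dataclass(frozen=True)
class Policy:
    policy_id: str
    parameter: str      # name of the host parameter the condition applies to
    op: str             # comparison that must hold for the host to be compliant
    expected: object

# Constructed sample data standing in for the policy and remediation databases.
POLICY_DB = [
    Policy("P-1", "ssh_root_login", "==", "no"),
    Policy("P-2", "av_signature_age_days", "<", 7),
    Policy("P-3", "listening_port_23", "==", False),
]
REMEDIATION_DB = {
    "P-1": ["set PermitRootLogin no", "restart sshd"],
    "P-2": ["update AV signatures"],
    # P-3 deliberately has no entry: a violation with no stored remediation.
}

def violated_policies(parameter, value, policies=POLICY_DB):
    """Retrieve the policies for this parameter and evaluate them against the value."""
    hits = []
    for p in policies:
        if p.parameter != parameter:
            continue
        try:
            compliant = OPS[p.op](value, p.expected)
        except TypeError:
            compliant = False   # host reported an incomparable type: fail closed
        if not compliant:
            hits.append(p)
    return hits

def handle_report(host, parameter, value, deploy):
    """On violation, look up remediations by policy id and deploy them to the host."""
    deployed, unremediated = [], []
    for p in violated_policies(parameter, value):
        actions = REMEDIATION_DB.get(p.policy_id, [])
        if not actions:
            unremediated.append(p.policy_id)   # surface for an analyst, do not drop
        for action in actions:
            deploy(host, action)
            deployed.append((p.policy_id, action))
    return deployed, unremediated
```

Violations with no stored remediation are returned separately so they can be escalated rather than silently ignored.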
20 Claims
Specification