System and Method for Concept Building
Abstract
A method is provided in one example embodiment and it includes identifying a root term and determining one or more other terms belonging to a group associated with the root term. The method also includes selecting one or more of the terms from the group and generating a concept based on the selected terms from the group, wherein the concept is applied to a rule that affects data management for one or more documents that satisfy the rule. In more specific embodiments, the root term is identified via a search or via an incident list. In other embodiments, a collection of meaningful terms is provided to assist in determining the other terms for the group, the collection of meaningful terms being generated based on the root term. The concept can be used to automatically mark one or more documents that relate to the concept.
26 Claims
1. A method, comprising:
- identifying a root term;
- determining one or more other terms belonging to a group associated with the root term;
- selecting one or more of the terms from the group;
- converting the selected terms to regular expressions that are mapped to attributes according to an attribute map;
- indexing a document using tags stored in a tag database, wherein if a predetermined number of the regular expressions occur in the document, the tags are associated with corresponding attributes by setting a field or position in an index in the tags, wherein the tags include a pointer to a storage location where the document is stored;
- applying a concept based on the selected terms to a rule provided as part of a security policy that controls whether the document is permitted to be sent to a next destination as part of network traffic, wherein the rule is applied to the tags; and
- quarantining at least some of the network traffic based on the rule.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. An apparatus, comprising:
- a processor; and
- a memory, wherein the apparatus is configured to:
- capture packets as part of providing a firewall function in a network environment;
- identify a root term and determine one or more other terms belonging to a group associated with the root term, wherein one or more of the terms from the group are selected;
- convert the selected terms to regular expressions that are mapped to attributes according to an attribute map;
- index a document using tags stored in a tag database, wherein if a predetermined number of the regular expressions occur in the document, the tags are associated with corresponding attributes by setting a field or position in an index in the tags, wherein the tags include a pointer to a storage location where the document is stored;
- apply a concept based on the selected terms from the group to a rule provided as part of a security policy that controls whether the document is permitted to be sent to a next destination as part of network traffic, wherein the rule is applied to the tags; and
- quarantine at least some of the network traffic based on the rule.
Dependent claims: 12, 13, 14, 15, 16.
17. Logic encoded in non-transitory media for execution and when executed by a processor operable to:
- identify a root term;
- determine one or more other terms belonging to a group associated with the root term;
- select one or more of the terms from the group;
- convert the selected terms to regular expressions that are mapped to attributes according to an attribute map;
- index a document using tags stored in a tag database, wherein if a predetermined number of the regular expressions occur in the document, the tags are associated with corresponding attributes by setting a field or position in an index in the tags, wherein the tags include a pointer to a storage location where the document is stored;
- apply a concept based on the selected terms to a rule provided as part of a security policy that controls whether the document is permitted to be sent to a next destination as part of network traffic, wherein the rule is applied to the tags to determine if any of the selected terms occur in the document; and
- quarantine at least some of the network traffic based on the rule.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26.
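The pipeline recited in the independent claims (terms to regular expressions, an attribute map, tags with an index and a storage pointer, a rule applied to the tags, quarantine) can be sketched as follows. This is an added illustration, not code from the patent or any product. The term list, the threshold of 2, the bitmask layout, the storage paths, and the reading of "predetermined number" as a count of distinct matching expressions are all assumptions.

```python
import re
from dataclasses import dataclass

# Constructed concept: terms selected from the group around a root term (assumed).
SELECTED_TERMS = ["merger", "acquisition", "due diligence", "term sheet"]

def build_attribute_map(terms):
    """Convert each selected term to a regex mapped to an attribute bit position."""
    attr_map = {}
    for position, term in enumerate(terms):
        # Escape the term, tolerate variable whitespace, match whole words only.
        body = r"\s+".join(re.escape(word) for word in term.split())
        attr_map[position] = re.compile(rf"\b{body}\b", re.IGNORECASE)
    return attr_map

@dataclass
class Tag:
    pointer: str      # storage location of the captured document
    attributes: int   # bit i is set when the regex at position i matched

def index_document(text, pointer, attr_map, threshold, tag_db):
    """Store a tag; attribute bits are set only if enough distinct regexes hit."""
    hits = [pos for pos, rx in attr_map.items() if rx.search(text)]
    bits = 0
    if len(hits) >= threshold:
        for pos in hits:
            bits |= 1 << pos
    tag = Tag(pointer=pointer, attributes=bits)
    tag_db.append(tag)
    return tag

def apply_rule(tag, concept_mask):
    """The policy rule reads only the tag, never the document body."""
    return "quarantine" if tag.attributes & concept_mask else "forward"

def run_example():
    attr_map = build_attribute_map(SELECTED_TERMS)
    concept_mask = (1 << len(SELECTED_TERMS)) - 1
    tag_db = []
    docs = {  # constructed sample traffic
        "/store/0001": "Draft term  sheet for the merger, pending due diligence.",
        "/store/0002": "Lunch menu: the acquisition of more coffee is urgent.",
    }
    return {ptr: apply_rule(index_document(text, ptr, attr_map, 2, tag_db), concept_mask)
            for ptr, text in docs.items()}
```

The second sample document matches one expression only, so it stays below the threshold and is forwarded; the threshold is what keeps a single common word from triggering quarantine.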
Specification