Processing Security-Relevant Events using Tagged Trees
First Claim
1. A system comprising:
- a processor; and
a memory coupled to the processor, the memory storing;
a tree object representing an execution chain of at least some system components of a plurality of system components;
respective data objects representing the at least some system components; and
executable instructions;
wherein the executable instructions, when operated by the processor, cause the processor to perform operations including;
assigning, to the data objects, a first tag representing the tree object;
assigning, to the tree object, a second tag, wherein the second tag applies transitively to the data objects via the first tag; and
performing an action based at least in part on the second tag.
4 Assignments
0 Petitions
Accused Products
Abstract
Devices described herein are configured to propagate tags among data objects representing system components. Such devices may detect an event associated with a plurality of system components. Based at least in part on detecting the event and on a configurable policy, the devices may propagate a tag that is assigned to a data object representing one of the plurality of system components to another data object representing another of the plurality of system components. One example of such a tag may be associated with a tree object that represents an execution chain of instances of at least the system component represented by the data object and the other system component represented by the other data object. Another example of such a tag may be a user-specified tag of another entity that the entity associated with the devices subscribes to.
33 Citations
20 Claims
-
1. A system comprising:
-
a processor; and a memory coupled to the processor, the memory storing; a tree object representing an execution chain of at least some system components of a plurality of system components; respective data objects representing the at least some system components; and executable instructions; wherein the executable instructions, when operated by the processor, cause the processor to perform operations including; assigning, to the data objects, a first tag representing the tree object; assigning, to the tree object, a second tag, wherein the second tag applies transitively to the data objects via the first tag; and performing an action based at least in part on the second tag. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented method comprising:
-
creating, in a computer-readable memory, data objects representing respective system components of a monitored computing device; creating, in the computer-readable memory, a tree object representing an execution chain, wherein the execution chain includes the system components; assigning, to the data objects, a first tag representing the tree object; assigning, to the tree object, a second tag, wherein the second tag applies transitively to the data objects via the first tag; and performing an action based at least in part on a stored configuration and the second tag. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-implemented method, comprising:
-
receiving, via a network, information of system components of a monitored computing device; creating, in a computer-readable memory, data objects representing respective ones of the system components; receiving, via the network, an indication of an event associated with the system components; creating, in the computer-readable memory, a tree object representing the event; assigning, to the data objects, a first tag representing the tree object; assigning, to the tree object, a second tag; and performing an action based at least in part on the second tag. - View Dependent Claims (17, 18, 19, 20)
-
Specification