IDENTIFYING AND MONITORING NORMAL USER AND USER GROUP INTERACTIONS
First Claim
1. A method of monitoring user interactions within one or more monitored computer systems, comprising the steps of:
- receiving metadata from one or more devices within the one or more monitored computer systems;
identifying from the metadata events corresponding to a plurality of user interactions with the monitored computer systems;
storing user interaction event data from the identified said events corresponding to a plurality of user interactions with the monitored computer systems;
determining, using the stored user interaction event data, normal user interaction behaviour; and
storing the determined normal user interaction behaviour as a reference.
0 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to a network monitoring system for computer systems. According to an aspect of the invention, there is provided a method for monitoring user interactions within one or more monitored computer systems, comprising the steps of: receiving metadata from one or more devices within the one or more monitored computer systems; identifying from the metadata events corresponding to a plurality of user interactions with the monitored computer systems; storing user interaction event data from the identified said events corresponding to a plurality of user interactions with the monitored computer systems; determining, using the stored user interaction event data, normal user interaction behaviour; and storing the determined normal user interaction behaviour as a reference.
-
Citations
70 Claims
-
1. A method of monitoring user interactions within one or more monitored computer systems, comprising the steps of:
-
receiving metadata from one or more devices within the one or more monitored computer systems; identifying from the metadata events corresponding to a plurality of user interactions with the monitored computer systems; storing user interaction event data from the identified said events corresponding to a plurality of user interactions with the monitored computer systems; determining, using the stored user interaction event data, normal user interaction behaviour; and storing the determined normal user interaction behaviour as a reference. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 40, 41)
-
-
35. Apparatus for monitoring user interactions within one or more monitored computer systems, comprising:
-
a metadata-ingesting module configured to receive and aggregate metadata from one or more devices within the one or more monitored computer systems; a data pipeline module configured to identify from the metadata events corresponding to a plurality of user interactions with the monitored computer systems; a data store configured to store user interaction event data from the identified said events corresponding to a plurality of user interactions with the monitored computer systems; and an analysis module arranged to determine, using the stored user interaction event data, normal user interaction behaviour and store the determined normal user interaction behaviour as a reference. - View Dependent Claims (36, 37, 38, 39)
-
-
42. A method for monitoring user interactions within one or more monitored computer networks, comprising the steps of:
-
receiving metadata from one or more devices within the one or more monitored computer networks; identifying from the metadata events corresponding to a plurality of user interactions with the monitored computer networks; storing user interaction event data from the identified said events corresponding to a plurality of user interactions with the monitored computer networks; and comparing user interaction event data against a reference to evaluate user interactions. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 67, 68)
-
-
63. Apparatus for monitoring user interactions within one or more monitored computer networks, comprising:
-
a metadata-ingesting module configured to receive and aggregate metadata from one or more devices within the one or more monitored computer networks; a data pipeline module configured to identify from the metadata events corresponding to a plurality of user interactions with the monitored computer networks; a data store configured to store user interaction event data from the identified said events corresponding to a plurality of user interactions with the monitored computer networks; and an analysis module arranged to compare user interaction event data against a reference to evaluate user interactions. - View Dependent Claims (64, 65, 66)
-
-
69. A method substantially as herein described and/or as illustrated with reference to the accompanying figures.
-
70. Apparatus substantially as herein described and/or as illustrated with reference to the accompanying figures.
Specification