Advanced Asset Tracking and Correlation
First Claim
1. A system for identifying target assets, the system comprising:
- an asset correlation engine executable by one or more computing device processors and in communication with an asset database, wherein the asset database is operable to store asset entries, wherein at least one asset entry in the asset database is associated with an asset, wherein the asset correlation engine is operable to;
access correlation information comprising attribute information associated with one or more assets, and wherein the system is operable to;
receive data associated with a target asset of a network, wherein the target asset comprises at least one of a desktop workstation, a server, a laptop, a tablet, a mobile phone, an application, a virtual machine, and a computing device;
parse the data to identify a target attribute associated with the target asset, wherein the target attribute comprises at least one of an IP address attribute, a DNS name attribute, a network attribute, an operating system attribute, a NetBIOS name attribute, an agent identification attribute, a software attribute, a hardware attribute, and an instance identification attribute;
access exclusionary rules associated with attributes;
determine, based on the exclusionary rules associated with the attributes, whether the target attribute is excludable;
in response to determining the target attribute is not excludable, determine, based on the correlation information, target attribute information associated with the target attribute;
determine, based on the target attribute information associated with the target attribute, target asset information, wherein a second target attribute excluded by the exclusionary rules is not used in determining the target asset information;
determine whether the target asset information at least partially correlates with an asset entry in the asset database; and
in response to determining the target asset information at least partially correlates with the asset entry in the asset database, process the target asset information.
Abstract
A security management system may be remotely deployed (e.g., using a cloud-based architecture) to add security to an enterprise network. For example, the security management system may scan assets within the enterprise network for vulnerabilities and may receive data from these scans. The security management system may also receive data from other sources, and, as a result, the system may handle data having many different formats and attributes. When the security management system tries to associate data to assets, there may not be a globally unique identifier that is applicable for all received data. Provided in the present disclosure are exemplary techniques for tracking assets across a network using an asset correlation engine that can flexibly correlate data with assets based on attribute information.
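An added illustration of the flow described in the abstract and the independent claims (parse attributes from source data, drop excludable ones, then partially correlate against the asset database). It is not code from the patent; the alias map, the DHCP-pool exclusion rule, the weights and the 0.5 threshold are all assumptions chosen for the example.

```python
import ipaddress

# Constructed asset database; IDs and values are illustrative only.
ASSET_DB = [
    {"id": "asset-A", "agent_id": "ag-7f3", "netbios_name": "lt-042",
     "dns_name": "lt-042.corp.example", "ip_address": "10.20.1.17"},
    {"id": "asset-B", "agent_id": "ag-91c", "netbios_name": "srv-db1",
     "dns_name": "srv-db1.corp.example", "ip_address": "10.20.5.9"},
]

# Assumed source-specific field names mapped to canonical attribute names.
ALIASES = {"ip": "ip_address", "hostname": "dns_name",
           "netbios": "netbios_name", "agent_uuid": "agent_id"}

DHCP_POOL = ipaddress.ip_network("10.20.0.0/16")  # assumed to be leased dynamically

# Assumed exclusionary rules: predicate is True when the value must not be used.
EXCLUSION_RULES = {
    "ip_address": lambda v: ipaddress.ip_address(v) in DHCP_POOL,
    "dns_name": lambda v: v in ("", "localhost"),
}

# Assumed weights: stable identifiers count more than reassignable ones.
WEIGHTS = {"agent_id": 5, "netbios_name": 2, "dns_name": 2, "ip_address": 1}
THRESHOLD = 0.5  # assumed cut-off for "at least partially correlates"


def parse(record):
    """Normalise one source record to canonical, lower-cased attributes."""
    return {ALIASES.get(k, k): str(v).strip().lower()
            for k, v in record.items() if ALIASES.get(k, k) in WEIGHTS}


def correlate(record):
    """Return (asset id or None, attributes used, best score)."""
    attrs = parse(record)
    usable = {k: v for k, v in attrs.items()
              if not EXCLUSION_RULES.get(k, lambda _: False)(v)}
    total = sum(WEIGHTS[k] for k in usable)
    best_id, best = None, 0.0
    for entry in ASSET_DB:
        hit = sum(WEIGHTS[k] for k, v in usable.items() if entry.get(k) == v)
        score = hit / total if total else 0.0
        if score > best:
            best_id, best = entry["id"], score
    matched = best_id if best >= THRESHOLD else None
    return matched, sorted(usable), round(best, 2)
```

In the first test case the record carries an IP address currently stored against asset-B; because that address falls in the excluded pool it is ignored, and the record correlates with asset-A on its agent and NetBIOS identifiers instead.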
20 Claims
1. A system for identifying target assets, the system comprising:
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method for identifying target assets, the method comprising:
accessing, using one or more computing device processors, correlation information comprising attribute information associated with one or more assets;
accessing, using the one or more computing device processors, exclusionary rules associated with attributes;
receiving, using the one or more computing device processors, data associated with a target asset of a network, wherein the target asset comprises at least one of a desktop workstation, a server, a laptop, a tablet, a mobile phone, a virtual machine, and a computing device;
parsing, using the one or more computing device processors, the data associated with the target asset of the network to identify a target attribute associated with the data, wherein the target attribute comprises at least one of an IP address attribute, a DNS name attribute, a network attribute, an operating system attribute, a NetBIOS name attribute, an agent identification attribute, a software attribute, a hardware attribute, and an instance identification attribute;
determining, using the one or more computing device processors, based on the exclusionary rules associated with the attributes, whether the target attribute is excludable;
in response to determining the target attribute is not excludable, determining, using the one or more computing device processors, based on the correlation information, target attribute information associated with the target attribute;
determining, using the one or more computing device processors, based on the target attribute information associated with the target attribute, target asset information, wherein a second target attribute excluded by the exclusionary rules is not used in generating the target asset information;
determining, using the one or more computing device processors, whether the target asset information at least partially correlates with an asset entry in an asset database, wherein the asset database is operable to store asset entries, wherein at least one asset entry in the asset database is associated with an asset; and
in response to determining the target asset information at least partially correlates with the asset entry in the asset database, processing, using the one or more computing device processors, the target asset information.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
18. A method for identifying target assets, the method comprising:
accessing, using the one or more computing device processors, exclusionary rules associated with attributes;
receiving, using the one or more computing device processors, data associated with a target asset of a network, wherein the target asset comprises at least one of a desktop workstation, a server, a laptop, a tablet, a mobile phone, a virtual machine, and a computing device;
parsing, using the one or more computing device processors, the data associated with the target asset of the network to identify a target attribute associated with the data, wherein the target attribute comprises at least one of an IP address attribute, a DNS name attribute, a network attribute, an operating system attribute, a NetBIOS name attribute, an agent identification attribute, a software attribute, a hardware attribute, and an instance identification attribute;
determining, using the one or more computing device processors, target attribute information associated with the target attribute;
determining, using the one or more computing device processors, based on the target attribute information associated with the target attribute, a digital fingerprint for the target asset;
determining, using the one or more computing device processors, based on the digital fingerprint for the target asset, whether a target asset information associated with the target attribute information at least partially correlates with an asset entry in an asset database, wherein the asset database is operable to store asset entries, wherein at least one asset entry in the asset database is associated with an asset.
- View Dependent Claims (19, 20)
Specification