Network security monitoring system employing bi-directional communication
Abstract
The present invention provides for the receipt of a heartbeat message transmitted from a software agent within a host machine to a server-based agent manager. The server-based agent manager analyzes the heartbeat message to determine the identity of the sending software agent. The server-based agent manager then determines what information is to be included in a response message to the software agent. The server-based agent manager prepares the response message to be sent to the software agent. The server-based agent manager transmits the response message to the software agent over a bi-directional communication link between the software agent and the server-based agent manager. The software agent receives the response message; deserializes the response message; reviews the instructions within the response message; and performs operations necessary to carry out the instructions delivered in the response message.
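The exchange the abstract describes, as an added example (not code from the patent or its assignee): the manager identifies the heartbeat's sender, evaluates rules to choose instructions, and the agent deserializes the response and carries out only the operations it recognizes. The JSON wire format, the HMAC tags, the field names (`queued_events`, `config_version`) and the two rules are assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed sample data; keys, field names and rules are hypothetical.
AGENT_KEYS = {"agent-01": b"constructed-demo-key"}
RULES = [  # (predicate over the heartbeat body, instruction to send back)
    (lambda hb: hb["queued_events"] > 100, {"op": "set_interval", "seconds": 10}),
    (lambda hb: hb["config_version"] < 7, {"op": "reload_config", "version": 7}),
]

def sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_heartbeat(agent_id, key, queued_events, config_version):
    """Agent side: serialize a heartbeat and tag it with the agent's key."""
    body = json.dumps({"agent_id": agent_id, "queued_events": queued_events,
                       "config_version": config_version}, sort_keys=True).encode()
    return {"body": body, "mac": sign(key, body)}

def manager_handle(msg):
    """Manager side: identify the agent, pick instructions, build the response."""
    hb = json.loads(msg["body"])
    key = AGENT_KEYS.get(hb.get("agent_id"))
    if key is None or not hmac.compare_digest(sign(key, msg["body"]), msg["mac"]):
        return None  # unknown or unauthenticated sender: no response
    instructions = [ins for pred, ins in RULES if pred(hb)]
    body = json.dumps({"agent_id": hb["agent_id"], "instructions": instructions}).encode()
    return {"body": body, "mac": sign(key, body)}

class Agent:
    def __init__(self, agent_id, key):
        self.agent_id, self.key = agent_id, key
        self.interval, self.config_version = 60, 6
        # Only these operations can be triggered by a response message.
        self.handlers = {"set_interval": self._set_interval, "reload_config": self._reload}

    def _set_interval(self, ins): self.interval = int(ins["seconds"])
    def _reload(self, ins): self.config_version = int(ins["version"])

    def apply_response(self, msg):
        """Deserialize the response, review each instruction, carry it out."""
        if msg is None or not hmac.compare_digest(sign(self.key, msg["body"]), msg["mac"]):
            return []
        done = []
        for ins in json.loads(msg["body"])["instructions"]:
            handler = self.handlers.get(ins.get("op"))
            if handler:  # skip anything outside the allowlist
                handler(ins)
                done.append(ins["op"])
        return done
```

Because the agent acts on whatever the response channel delivers, the example authenticates both directions and dispatches through a fixed handler table rather than executing instruction content directly.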
26 Claims
1. A method performed by a processor-based manager of providing bi-directional communication, comprising:
- receiving a heartbeat message from a software agent, the software agent configured to periodically send the heartbeat message and further configured to report a security event, wherein the security event originated in an event log that was generated by a network component, and wherein the security event comprises information about operation of the network component; and
- in response to receiving the heartbeat message;
  - identifying the software agent;
  - determining how to respond to the heartbeat message, including determining a rule-initiated instruction to send to the software agent;
  - preparing a response message that includes the rule-initiated instruction; and
  - sending the response message to the software agent.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system, comprising:
- a bi-directional communication link between a software agent included within a host machine and a server-based agent manager, wherein the software agent is configured to periodically send a heartbeat message and further configured to report a security event, wherein the security event originated in an event log that was generated by a network component, and wherein the security event comprises information about operation of the network component;
- a first processor comprising;
  - an agent interface component configured to transmit a first message onto and receive a second message from the bi-directional communication link; and
  - an agent heartbeat receiver component configured to deserialize the second message received by the agent interface component; and
- a second processor comprising an agent-manager interface component configured to receive the first message from the bi-directional communication link and to transmit the second message onto the bi-directional communication link, wherein the second message includes a rule-initiated instruction to send to the software agent.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A computer storage medium, having stored thereon computer-readable instructions, which when executed in a computer system, cause the computer system to:
- receive a heartbeat message from a software agent, the software agent configured to periodically send the heartbeat message and further configured to report a security event, wherein the security event originated in an event log that was generated by a network component, and wherein the security event comprises information about operation of the network component; and
- in response to receiving the heartbeat message;
  - identify the software agent;
  - determine how to respond to the heartbeat message, including determining a rule-initiated instruction to send to the software agent;
  - prepare a response message that includes the rule-initiated instruction; and
  - send the response message to the software agent.

Dependent claims: 22, 23, 24, 25, 26