Identifying critical network and application entities
Abstract
Critical servers are identified in a network, based upon network flow records collected from the network for a predetermined period. A plurality of rules are applied to application-server pairs based upon the collected network flow records to identify, among the application-server pairs, candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period in excess of a predetermined number of times, in which case the application-server pair is identified as a candidate application-server pair. A global application-server list including application-server pairs identified across all of the sources is determined. A critical server list including servers corresponding to the global application-server list is generated. Various network mappings comprised of the servers in the critical server list are created, and network measures corresponding to the mappings are displayed.
21 Claims
1. A computer-implemented method of identifying critical entities in a computer network, the method comprising:
- collecting network flow records for a predetermined period from a plurality of source devices;
- applying, using a visualizer, a plurality of rules to a plurality of application-server pairs based upon the collected network flow records;
- identifying, among the application-server pairs, one or more candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period for each of the sources;
- determining, using the visualizer, a global application-server list including the candidate application-server pairs identified across all of the sources;
- adjusting, using the visualizer, importance levels assigned to the application-server pairs based upon said application-server pairs being included in the global application-server list;
- repeating the steps of collecting network flow records, applying a plurality of rules, and identifying the candidate application-server pairs during a subsequent predetermined period;
- determining another global application-server list based upon the candidate application-server pairs identified across all of the sources during the subsequent predetermined period; and
- adjusting the importance levels assigned to the application-server pairs to a lower level if the application-server pairs are not included in said another global application-server list but are included in said global application-server list.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product stored on a non-transitory storage module and adapted to perform a computer-implemented method of identifying critical entities in a computer network, the method comprising:
- collecting network flow records for a predetermined period from a plurality of sources;
- applying a plurality of rules to a plurality of application-server pairs based upon the collected network flow records;
- identifying, among the application-server pairs, one or more candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period for each of the sources;
- determining a global application-server list including the candidate application-server pairs identified across all of the sources;
- adjusting importance levels assigned to the application-server pairs based upon said application-server pairs being included in the global application-server list; and
- repeating the steps of collecting network flow records, applying a plurality of rules, and identifying the candidate application-server pairs during a subsequent predetermined period;
- determining another global application-server list based upon the candidate application-server pairs identified across all of the sources during the subsequent predetermined period; and
- adjusting the importance levels assigned to the application-server pairs to a lower level if the application-server pairs are not included in said another global application-server list but are included in said global application-server list.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for identifying critical entities in a computer network, the system comprising:
- a processor;
- a storage module coupled to the processor, the storage module including instructions that when executed by the processor cause the processor to implement;
- a network flow record collection module for collecting network flow records for a predetermined period from a plurality of sources, the network flow record collection module repeats collecting network flow records during a subsequent predetermined period; and
- a critical network entity identification module for applying a plurality of rules to a plurality of application-server pairs based upon the collected network flow records, and identifying, among the application-server pairs, one or more candidate application-server pairs that satisfy at least one of the plurality of rules during the predetermined period for each of the sources, determining a global application-server list including the candidate application-server pairs identified across all of the sources, and adjusting importance levels assigned to the application-server pairs based upon said application-server pairs being included in the global application-server list;
- wherein the critical network entity identification module repeats applying the plurality of rules and identifying the candidate application-server pairs during the subsequent predetermined period; and
- the critical network entity identification module determines another global application-server list based upon the candidate application-server pairs identified across all of the sources during the subsequent predetermined period and adjusts the importance levels assigned to the application-server pairs to a lower level if the application-server pairs are not included in said another global application-server list but are included in said global application-server list.

Dependent claims: 16, 17, 18, 19, 20, 21
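The procedure recited in the abstract and the independent claims, carried through two collection periods in Python. This is an added example, not code from the patent. Assumptions: the two rules, the threshold `MIN_HITS`, the union reading of "across all of the sources", the +1/-1 importance steps, every function name, and the constructed flow records are all hypothetical.

```python
from collections import Counter

# Hypothetical rules: the claims do not enumerate them.
RULES = [
    lambda f: f["bytes"] >= 1_000_000,  # large transfer
    lambda f: f["clients"] >= 50,       # many distinct clients
]
MIN_HITS = 2  # assumed value for the "predetermined number of times"

def flow(app, server, nbytes, clients):
    return {"app": app, "server": server, "bytes": nbytes, "clients": clients}

def candidates_for_source(flows):
    """Pairs from one source whose flows matched any rule more than MIN_HITS times."""
    hits = Counter()
    for f in flows:
        if any(rule(f) for rule in RULES):
            hits[(f["app"], f["server"])] += 1
    return {pair for pair, n in hits.items() if n > MIN_HITS}

def global_list(flows_by_source):
    """Global application-server list: union of per-source candidates (assumed reading)."""
    pairs = set()
    for flows in flows_by_source.values():
        pairs |= candidates_for_source(flows)
    return pairs

def adjust_importance(importance, previous, current):
    """Raise pairs on the current list; lower pairs that were on the previous list only."""
    updated = dict(importance)
    for pair in current:
        updated[pair] = updated.get(pair, 0) + 1
    for pair in previous - current:
        updated[pair] = max(0, updated.get(pair, 0) - 1)
    return updated

# Constructed flow records for two source devices over two periods.
LDAP, SQL, HTTP = ("ldap", "10.0.0.5"), ("sql", "10.0.0.7"), ("http", "10.0.0.9")
PERIOD_1 = {"router-a": [flow(*LDAP, 4_000, 80)] * 3 + [flow(*HTTP, 2_000_000, 3)],
            "router-b": [flow(*SQL, 5_000_000, 4)] * 3}
PERIOD_2 = {"router-a": [flow(*LDAP, 4_000, 75)] * 3,
            "router-b": [flow(*SQL, 5_000_000, 4)]}

def run_two_periods():
    first = global_list(PERIOD_1)
    levels = adjust_importance({}, set(), first)
    second = global_list(PERIOD_2)
    return first, second, adjust_importance(levels, first, second)

if __name__ == "__main__":
    print(run_two_periods())
```

The SQL pair falls off the second global list because it matches a rule only once in that period, so its importance is lowered while the LDAP pair's is raised again.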
Specification