Security monitoring tool for computer network
Abstract
A security monitoring tool and method for a computer network receives data and determines whether the data is associated with a host already stored in a database. Based on the determination, the tool stores the data as a new host or associates it with an existing host. The tool also uses the received data to improve how previously stored data is associated with hosts. In one aspect, the tool determines whether the received data indicates that data currently associated with a stored host represents data for at least two hosts. If so, the tool splits the data into two hosts and associates the received data to the appropriate host. In another aspect, the tool determines whether the received data indicates that data currently associated with two or more hosts represent data for only one host. If so, the tool merges the data into one host and associates the received data with that host.
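The abstract describes three outcomes for incoming data: store it as a new host, attach it to an existing host, or use it to correct earlier associations by splitting one stored host into two or merging two stored hosts into one. The following toy host store is an added illustration of that split/merge logic, not the patent's or any vendor's implementation. The patent text does not say which attributes drive the decision, so the criteria used here are assumptions chosen for the example: a MAC address is treated as the strong identifier, an IP address as the weak one, IP-only events (firewall, IDS) are attributed to whichever host held the most recent lease at that address, and a DHCP record arriving out of order for an address already tied to a different MAC triggers a split of the later IP-only events.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Observation:
    t: int               # event time; a small integer counter in this example
    ip: str
    mac: Optional[str]   # None for sources that report only an IP (firewall, IDS)
    source: str


@dataclass
class Host:
    host_id: int
    macs: set = field(default_factory=set)
    observations: list = field(default_factory=list)

    def ips(self):
        return {o.ip for o in self.observations}

    def last_lease_at(self, ip, before):
        """Most recent MAC-bearing observation time at `ip` not later than `before`, or -1."""
        times = [o.t for o in self.observations if o.ip == ip and o.mac and o.t <= before]
        return max(times, default=-1)


class HostStore:
    """Toy store of known hosts (assumed design); ingest() returns (action, host_id)."""

    def __init__(self):
        self.hosts = {}
        self._next_id = 1

    def _new_host(self, obs):
        h = Host(self._next_id)
        self._next_id += 1
        if obs.mac:
            h.macs.add(obs.mac)
        h.observations.append(obs)
        self.hosts[h.host_id] = h
        return h

    def _hosts_at_ip(self, ip, t):
        # Hosts seen at `ip`, best match first: the most recent lease before `t` wins.
        cands = [h for h in self.hosts.values() if ip in h.ips()]
        return sorted(cands, key=lambda h: h.last_lease_at(ip, t), reverse=True)

    def ingest(self, obs):
        by_ip = self._hosts_at_ip(obs.ip, obs.t)
        by_mac = [h for h in self.hosts.values() if obs.mac and obs.mac in h.macs]

        if not by_ip and not by_mac:
            return "new", self._new_host(obs).host_id

        if by_mac:
            target = by_mac[0]
            # Merge: a host built only from IP-level data at this address is the same
            # machine as the host that owns the MAC, so fold its observations in.
            merged = False
            for g in by_ip:
                if g is not target and not g.macs:
                    target.observations += g.observations
                    del self.hosts[g.host_id]
                    merged = True
            target.observations.append(obs)
            return ("merged" if merged else "associated"), target.host_id

        g = by_ip[0]
        if obs.mac is None or not g.macs:
            # IP-only event, or the host's first MAC-bearing record: just attach it.
            if obs.mac:
                g.macs.add(obs.mac)
            g.observations.append(obs)
            return "associated", g.host_id

        # Split: this IP is already tied to a different MAC. IP-only observations at
        # this address from the new lease onward belong to the newly seen machine.
        keep, move = [], []
        for o in g.observations:
            (move if (o.ip == obs.ip and o.mac is None and o.t >= obs.t) else keep).append(o)
        g.observations = keep
        new = self._new_host(obs)
        new.observations += move
        new.observations.sort(key=lambda o: o.t)
        return "split", new.host_id


def run_example():
    """Constructed event stream; the DHCP record at t=5 is ingested out of order."""
    events = [
        Observation(1, "10.0.0.5", None, "firewall"),
        Observation(2, "10.0.0.5", "aa:aa:aa:aa:aa:aa", "dhcp"),
        Observation(3, "10.0.0.9", None, "ids"),
        Observation(4, "10.0.0.9", "aa:aa:aa:aa:aa:aa", "dhcp"),  # same MAC, new IP -> merge
        Observation(6, "10.0.0.5", None, "firewall"),
        Observation(8, "10.0.0.5", None, "firewall"),
        Observation(5, "10.0.0.5", "bb:bb:bb:bb:bb:bb", "dhcp"),  # IP reassigned -> split
        Observation(9, "10.0.0.5", None, "ids"),                  # lands on the new host
    ]
    store = HostStore()
    return store, [store.ingest(e) for e in events]


if __name__ == "__main__":
    store, results = run_example()
    for action, host_id in results:
        print(action, host_id)
    for h in store.hosts.values():
        print(h.host_id, sorted(h.macs), [(o.t, o.ip, o.source) for o in h.observations])
```

Running `run_example()` walks through all three behaviours: the event at t=4 merges the IP-only host 2 into host 1 because the DHCP record shows the same MAC, the late DHCP record at t=5 splits host 1 so that the later firewall events at 10.0.0.5 move to a new host 3, and the IDS event at t=9 is attributed to host 3 because its lease at that address is the most recent. The point for a defender is that alert attribution depends on this reconciliation: without the split, the t=6 and t=8 alerts would stay pinned to the wrong machine.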
34 Claims
1. A computer security monitoring method, comprising:
- storing information at at least one computer system about a plurality of known hosts, each of the known hosts being an entity of a computer network, the at least one computer system programmed for computer security monitoring and operatively communicating with the computer network;
- receiving data at the at least one computer system from one or more sources;
- associating and storing with the at least one computer system at least some of the data and at least some information about a first of the known hosts with at least two hosts if it is determined by the at least one computer system that, based on the data, the information associated with the first known host is more accurately associated with the at least two hosts; and
- associating and storing with the at least one computer system at least some of the data and at least some information about at least two of the known hosts with a single host if it is determined by the at least one computer system that, based on the data, the information associated with the at least two known hosts is more accurately associated with the single host.
Dependent claims: 2–18.

19. A non-transitory programmable storage device having program instructions stored thereon for causing at least one programmable control device to perform a computer security monitoring method, comprising:
- storing information about a plurality of known hosts, each of the known hosts being an entity of a computer network;
- receiving data from one or more sources;
- associating and storing at least some of the data and at least some information about a first of the known hosts with at least two hosts if it is determined by the at least one programmable control device that, based on the data, the information associated with the first known host is more accurately associated with the at least two hosts; and
- associating and storing at least some of the data and at least some information about at least two of the known hosts with a single host if it is determined by the at least one programmable control device that, based on the data, the information associated with the at least two known hosts is more accurately associated with the single host.

20. A computer system programmed with a computer security monitoring tool, comprising:
- at least one database storing information on a plurality of known hosts, each known host being an entity of a computer network;
- an interface module receiving data from one or more sources; and
- at least one program module associating the data with hosts and storing the data in the at least one database, the at least one program module configured to:
  - split the information currently associated with one of the known hosts into at least two hosts if it is determined by the at least one program module that, based on the data, the information currently associated with the one known host is more accurately associated with the at least two hosts; and
  - merge the information currently associated with at least two known hosts into a single host if it is determined by the at least one program module that, based on the data, the information currently associated with the at least two hosts is more accurately associated with the single host.
Dependent claims: 21–34.
Specification