On-box active reconnaissance
First Claim
1. A computer-implemented method of monitoring events in a network, comprising:
monitoring activities received over the network associated with a node located remotely over the network;
collecting event information associated with the monitored activities and based on a set of collection rules, the collection rules specifying a set of patterns associated with a triggering event and a timeout window for collection of the event information, the event information being stored in a database;
determining whether a portion of the collected event information stored in the database complies or potentially complies with one of the set of patterns and is considered a supporting event of the triggering event;
selecting event information as supporting events from the collected event information stored in the database based on the determination, and if none of the collected event information is found to be a supporting event, establishing a temporary rule to forward any future supporting events that comply with or potentially comply with one of the set of patterns; and
sending the selected event information and future supporting events to a manager associated with the node and other nodes over the network;
wherein the temporary rule is automatically removed when the timeout window has elapsed.
2 Assignments
0 Petitions
Abstract
A method of monitoring events in a network associated with a node. An agent collects event information associated with the monitored activities, based on a set of collection rules. A determination is made whether a portion of the collected event information complies or potentially complies with one of a set of patterns. An agent selects event information from the collection based on the determination, and makes the selected event information available to a manager associated with the node and other nodes in the network. The agent manager receives event information from a plurality of agents. A triggering event is identified, as a function of the set of patterns, based on the event information. The agent manager sends at least one request to a selected set of the agents for additional event information when a triggering event is identified.
9 Claims
1. A computer-implemented method of monitoring events in a network, comprising:
monitoring activities received over the network associated with a node located remotely over the network;
collecting event information associated with the monitored activities and based on a set of collection rules, the collection rules specifying a set of patterns associated with a triggering event and a timeout window for collection of the event information, the event information being stored in a database;
determining whether a portion of the collected event information stored in the database complies or potentially complies with one of the set of patterns and is considered a supporting event of the triggering event;
selecting event information as supporting events from the collected event information stored in the database based on the determination, and if none of the collected event information is found to be a supporting event, establishing a temporary rule to forward any future supporting events that comply with or potentially comply with one of the set of patterns; and
sending the selected event information and future supporting events to a manager associated with the node and other nodes over the network;
wherein the temporary rule is automatically removed when the timeout window has elapsed.
Dependent claims: 2.
3. A computer system for monitoring events in a network, the system comprising:
an event monitor configured to monitor activities associated with a node;
an event collector configured to collect event information associated with the monitored activities and based on a set of collection rules, the collection rules specifying a set of patterns associated with a triggering event and a timeout window for collection of the event information;
an event selector configured to determine whether a portion of the collected event information complies or potentially complies with one of the set of patterns and is considered a supporting event of the triggering event and select event information as supporting events from the collection based on the determination, and if none of the collected event information is found to be a supporting event, establish a temporary rule to forward any future supporting events that comply with or potentially comply with one of the set of patterns; and
an event transmitter configured to make the selected event information and future supporting events available to a manager associated with the node and other nodes in the network;
wherein the temporary rule is automatically removed when the timeout window has elapsed.
Dependent claims: 4, 5.
6. A computer system for monitoring events in a network, the system comprising:
a set of agents, each of which: monitors activities associated with a node; determines whether a portion of collected event information complies or potentially complies with one of a set of stored patterns and is considered a supporting event of a triggering event; and selects event information as supporting events from the collection based on the determination, and if none of the collected event information is found to be a supporting event, establishes a temporary rule to forward any future supporting events that comply with or potentially comply with one of the set of patterns; and
a manager that: receives event information from each of the set of agents; identifies a triggering event based on the received event information, wherein the triggering event is an event with the least likelihood of occurrence from among the events in a network; and sends at least one request for supporting event information of the triggering event to a selected agent when a triggering event is identified.
7. A non-transitory computer-readable medium including instructions for performing a method for monitoring events in a network, the method comprising:
monitoring activities associated with a node;
collecting event information associated with the monitored activities and based on a set of collection rules, the collection rules specifying a set of patterns associated with a triggering event and a timeout window for collection of the event information;
determining whether a portion of the collected event information complies or potentially complies with one of the set of patterns and is considered a supporting event of the triggering event;
selecting event information as supporting events from the collected event information based on the determination, and if none of the collected event information is found to be a supporting event, establishing a temporary rule to forward any future supporting events that comply with or potentially comply with one of the set of patterns; and
making the selected event information and future supporting events available to a manager associated with the node and other nodes in the network;
wherein the temporary rule is automatically removed when the timeout window has elapsed.
Dependent claims: 8, 9.
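The agent/manager scheme described by the claims above, modelled in Python as an added example (this is not the patent's text nor code from any product practising it). A collection rule carries the set of patterns and the timeout window; each agent stores what it monitors in a local database and reports only event kinds routinely; the manager identifies the rarest kind as the triggering event (claim 6) and asks the agents for supporting events; an agent that has no stored supporting events installs a temporary forwarding rule that is removed once the window has elapsed. Class names, the rule shape and the sample log lines are constructed for the demonstration.

```python
"""Agent/manager model of the claimed event-collection scheme.
Added example; rule shape, event format and log lines are constructed."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class CollectionRule:
    trigger: str               # event kind that starts collection
    patterns: Tuple[str, ...]  # regexes a supporting event must match
    timeout: float             # seconds before a temporary rule is removed


@dataclass(frozen=True)
class Event:
    ts: float   # seconds since epoch (constructed)
    kind: str   # coarse event type, used by the manager to rank rarity
    text: str   # raw log line


def is_supporting(rule: CollectionRule, ev: Event) -> bool:
    return any(re.search(p, ev.text) for p in rule.patterns)


class Manager:
    """Receives event information from agents, picks the trigger, requests support."""

    def __init__(self, rules: Dict[str, CollectionRule]) -> None:
        self.rules = rules                            # trigger kind -> rule
        self.kinds_seen: Counter = Counter()          # routine summaries
        self.forwarded: List[Tuple[str, Event]] = []  # (agent node, event)

    def receive_summary(self, kind: str) -> None:
        self.kinds_seen[kind] += 1

    def receive(self, node: str, events: List[Event]) -> None:
        self.forwarded.extend((node, e) for e in events)

    def identify_trigger(self) -> Optional[str]:
        # Claim 6: the trigger is the event with the least likelihood of occurrence,
        # approximated here by the lowest observed frequency (ties broken by name).
        if not self.kinds_seen:
            return None
        return min(self.kinds_seen, key=lambda k: (self.kinds_seen[k], k))

    def request_supporting(self, agents: List["Agent"], trigger: str, now: float) -> Dict[str, int]:
        rule = self.rules[trigger]
        return {a.node: len(a.on_request(rule, now)) for a in agents}


class Agent:
    """On-box collector: stores what it monitors, reports kinds, forwards on request."""

    def __init__(self, node: str, manager: Manager) -> None:
        self.node, self.manager = node, manager
        self.db: List[Event] = []
        self.temp_rules: Dict[str, Tuple[CollectionRule, float]] = {}  # trigger -> (rule, expires_at)

    def expire_rules(self, now: float) -> None:
        # Temporary rules are removed automatically once their window has elapsed.
        self.temp_rules = {k: v for k, v in self.temp_rules.items() if v[1] > now}

    def observe(self, ev: Event) -> bool:
        """Store the event, report its kind, forward it if a live temporary rule matches."""
        self.db.append(ev)
        self.manager.receive_summary(ev.kind)
        self.expire_rules(ev.ts)
        for rule, _expires in self.temp_rules.values():
            if is_supporting(rule, ev):
                self.manager.receive(self.node, [ev])
                return True
        return False

    def on_request(self, rule: CollectionRule, now: float) -> List[Event]:
        """Select stored supporting events; if none, install a temporary forwarding rule."""
        self.expire_rules(now)
        supporting = [e for e in self.db if is_supporting(rule, e)]
        if supporting:
            self.manager.receive(self.node, supporting)
        else:
            self.temp_rules[rule.trigger] = (rule, now + rule.timeout)
        return supporting


def run_demo() -> Dict[str, object]:
    """Two agents, one rare sudo-to-root event, constructed log lines."""
    rule = CollectionRule("sudo_root", (r"Failed password for \w+", r"Accepted publickey for root"), 60.0)
    mgr = Manager({"sudo_root": rule})
    web, db = Agent("web-01", mgr), Agent("db-01", mgr)
    t0 = 1_700_000_000.0
    web.observe(Event(t0 + 1, "ssh_auth", "sshd: Failed password for root from 198.51.100.7 port 4022"))
    web.observe(Event(t0 + 2, "ssh_auth", "sshd: Failed password for root from 198.51.100.7 port 4023"))
    web.observe(Event(t0 + 5, "sudo_root", "sudo: www-data : TTY=pts/0 ; USER=root ; COMMAND=/bin/bash"))
    db.observe(Event(t0 + 3, "cron", "CRON[812]: (root) CMD (/usr/local/bin/backup.sh)"))
    db.observe(Event(t0 + 4, "cron", "CRON[813]: (root) CMD (/usr/local/bin/rotate.sh)"))

    trigger = mgr.identify_trigger()                                  # rarest kind
    at_request = mgr.request_supporting([web, db], trigger, now=t0 + 6)
    rule_installed = trigger in db.temp_rules                         # db-01 had nothing stored
    in_window = db.observe(Event(t0 + 30, "ssh_auth", "sshd: Failed password for postgres from 198.51.100.7 port 4100"))
    after_window = db.observe(Event(t0 + 100, "ssh_auth", "sshd: Failed password for root from 198.51.100.7 port 4101"))
    return {"trigger": trigger, "at_request": at_request, "rule_installed": rule_installed,
            "in_window_forwarded": in_window, "after_window_forwarded": after_window,
            "rule_removed": not db.temp_rules, "total_forwarded": len(mgr.forwarded)}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Only event kinds cross the wire routinely; full log lines leave a host only when they are selected as supporting events or forwarded under a live temporary rule, which is what keeps the manager's inbound volume bounded and gives the timeout window its purpose.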