Systems and methods for monitoring messaging systems

US 8,185,598 B1
Filed: 07/08/2011
Issued: 05/22/2012
Est. Priority Date: 11/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for auditing messaging activity in an exchange server electronic messaging system, the method comprising:

adding a hook executing in one or more computer processors to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox associated with the exchange server electronic messaging service; and

when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, issuing an alert when an identity of the user is not the same as an identity of an owner of the mailbox, the alert reporting at least one of information on the particular mailbox accessed, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox.

View all claims

24 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for monitoring and/or auditing of events in an electronic messaging environment, such as Microsoft® Exchange, are described. One or more monitoring components are installed on messaging system servers to collect, in real-time, information on messaging system events. Certain embodiments are configured to audit and/or provide alerts regarding non-owner activity, such as when a user or administrator has gained access to another user'"'"'s mailbox. Alerts can advantageously facilitate prompt corrective action by delivering detailed information about the access activity, such as which email message or folder was accessed, when the access occurred, from what location (e.g., IP address) when the access was initiated, and the type of access, as well as permission changes made to the mailbox or folders. The monitoring systems can also be configured to audit changes to client permissions for folders and delegate assignment and/or changes to configuration objects of the messaging system.

98 Citations

View as Search Results

20 Claims

1. A method for auditing messaging activity in an exchange server electronic messaging system, the method comprising:
- adding a hook executing in one or more computer processors to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox associated with the exchange server electronic messaging service; and
  
  when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, issuing an alert when an identity of the user is not the same as an identity of an owner of the mailbox, the alert reporting at least one of information on the particular mailbox accessed, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the identity of the user includes an internet protocol (IP) address of the user.
  - 3. The method of claim 1, wherein the data associated with the request includes read access.
  - 4. The method of claim 1, further comprising monitoring a directory service associated with the exchange server electronic messaging service, the directory service installed on a domain controller.
  - 5. The method of claim 1, wherein the hook is added to a native function of the exchange server electronic messaging service.
  - 6. The method of claim 1, further comprising compiling one or more logs identifying messaging activity of interest.
  - 7. The method of claim 1, wherein the alert includes at least one of an email message, a text message, a pop-up window, and a pager notification.
  - 8. The method of claim 1, further comprising detecting changes to mailbox permission values to at least one mailbox of the exchange server electronic messaging service.
  - 9. The method of claim 1, wherein the data associated with the request includes one or more new mailbox permission values and one or more old mailbox permission values associated with the mailbox.
  - 10. The method of claim 1, wherein the data associated with the request includes one or more new scheduled tasks with a system context, the one or more new scheduled tasks associated with the mailbox.
  - 11. The method of claim 1, wherein the data associated with the request includes one or more new delegates and one or more old delegates associated with the mailbox.

12. A system for auditing user activity in an exchange server electronic messaging environment, the system comprising:
- computer hardware including at least one computer processor; and
  
  a plurality of components stored in computer-readable storage and comprising computer-readable instructions that, when executed by the at least one computer processor, cause the computer hardware to perform operations defined by the computer-readable instructions, the components including;
  
  a hook added to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox associated with the exchange server electronic messaging service; and
  
  a user interface component configured to automatically generate an alert in response to an identity of the user not being the same as an identity of an owner of the mailbox when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, the alert reporting at least one of information identifying the accessed mailbox, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the hook is added to a JetRetrieveColumns function of the exchange server electronic messaging service.
  - 14. The system of claim 12, further including one or more logs identifying messaging activity of interest.
  - 15. The system of claim 12, wherein the data associated with the request includes one or more new mailbox permission values and one or more old mailbox permission values with respect to the mailbox.
  - 16. The system of claim 12, wherein the data associated with the request includes one or more new scheduled tasks with a system context, the one or more new scheduled tasks associated with the mailbox.
  - 17. The system of claim 12, wherein the data associated with the request includes one or more new delegates and one or more old delegates with respect to the mailbox.
  - 18. The system of claim 12, further comprising, when data associated with the request is changing at least one delegate assignment or at least one delegate permission associated with the mailbox, the user interface component configured to automatically generate the alert when the identity of the user is not the same as the identity of the owner of the mailbox, the alert reporting at least one of information identifying the accessed mailbox, the identity of the user, a location of the delegate permission change, a location of the delegate assignment change, one or more old delegate assignments, one or more new delegate assignments, one or more old delegate permission values, and one or more new delegate permission values with respect to the mailbox.
  - 19. The system of claim 12, further comprising, when data associated with the request is changing at least one parameter of server protocols associated with the exchange server electronic messaging service, the user interface component configured to automatically track at least one of a location of the changed parameter, a name of the changed parameter, one or more old values of the changed parameter, one or more new values of the changed parameter, and a time when the changed parameter was changed.

20. A system for auditing activity in an exchange server electronic messaging service, the system comprising:
- computer hardware including at least one computer processor; and
  
  a plurality of components stored in computer-readable storage and comprising computer-readable instructions that, when executed by the at least one computer processor, cause the computer hardware to perform operations defined by the computer-readable instructions, the components including;
  
  means for adding a hook to an exchange server electronic messaging service, the hook configured to detect a request by a user to access a mailbox and to obtain data associated with the request; and
  
  means for issuing an alert in response to an identity of the user not being the same as an identity of an owner of the mailbox when data associated with the request is changing at least one folder permission of a folder associated with the mailbox, the alert reporting at least one of information identifying the accessed mailbox, the identity of the user, a path to the folder in the mailbox, a folder name, one or more new folder permission values, and one or more old folder permission values with respect to the mailbox.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Golovin, Roman Alexandrovich, Sotnikov, Dmitry Arkadievich, Galla, Konstantin Alexanderovich, Bushmakin, Evgeney Sergeevich, Agafonov, Artyom Vitalievich, Masten, Lance
Primary Examiner(s)
Donaghue, Larry
Assistant Examiner(s)
TAYLOR, NICHOLAS R

Application Number

US13/179,356
Time in Patent Office

319 Days
Field of Search

709/206, 709/224, 709/225
US Class Current

709/206
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/604   Tools and structures for ma...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

H04L 51/234   for tracking messages

H04L 63/1425   Traffic logging, e.g. anoma...

Systems and methods for monitoring messaging systems

First Claim

24 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for monitoring messaging systems

First Claim

24 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links