Method and apparatus for alert prioritization on high value end points
Abstract
A method and system for prioritizing alerts on end points include an aggregator agent that monitors a plurality of end point agents and receives a signal indicating an out of band operating tolerance from an end point. The aggregator agent locally determines the priority of the received signal based on a rules engine local to the aggregator agent. The aggregator agent transmits the priority of said signal and information associated with said signal to a remote host computer for appropriate handling.
23 Claims
1. A method of prioritizing alerts on end points, comprising:
- receiving at an aggregator agent that monitors a plurality of end point agents, a signal indicating an out of band operating tolerance from an end point asset;
- in response to receiving the signal, gathering at the aggregator agent, information associated with a local environment where the end point asset is located, at least by retrieving data available on a computer running the aggregator agent and by querying one or more other end points agents respectively associated with one or more other end point assets, wherein the aggregator agent, the end point asset and the other end point assets are co-located in the local environment;
- determining locally at the aggregator agent a priority of said signal based on a rules engine local to the aggregator agent and at least based on the gathered information;
- transmitting said priority of said signal and information associated with said signal to a remote host computer for appropriate handling;
- wherein the step of determining locally at the aggregator agent a priority further includes downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately sending the priority of said signal to the remote host computer; and
- wherein the step of determining locally at the aggregator agent a priority of said signal further includes re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
Dependent claims: 2, 3, 4, 5, 6, 7, 22, 23
8. A method of prioritizing alerts on end points, comprising:
- executing an aggregator agent on a mobile object, said aggregator agent enabled to monitor a plurality of end point agents each associated with an asset carried on the mobile object, said aggregator agent further enabled to receive signals indicating out of band operating tolerance from said plurality of end point agents, said aggregator agent in response to receiving a signal indicating out of band operating tolerance, further enabled to gather information associated with the mobile object, at least by retrieving data available on a computer on the mobile object and by querying one or more other end point agents in the mobile object, said aggregator agent further enabled to determine locally priorities of said signals based on a rules engine local to the aggregator agent and at least the gathered information; and
- receiving at a remote host computer said priorities of said signals and information associated with said signals from said aggregator agent;
- handling at said host computer said signals based on said priorities;
- wherein the step of determining locally at the aggregator agent a priority of one of said signals further includes downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately sending the priority of said signal to the remote host computer; and
- wherein the step of determining locally at the aggregator agent a priority of said signal further includes re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
Dependent claims: 9
10. A system for prioritizing alerts on end points, comprising:
- a processor;
- an aggregator agent located in a local environment, executing on the processor, and monitoring a plurality of end point agents each attached to an asset located in said local environment, said aggregator agent operable to receive signals from said end point agents;
- a rules engine comprising a plurality of rules for handling signals from said end point agents, said rules engine located in said local environment;
- said aggregator agent gathering information associated with the local environment, at least by retrieving data available on a computer running the aggregator agent and by querying one or more other end point agents in the local environment in response to receiving a signal that an end point asset has reached out of band tolerance, said aggregator agent determining locally a priority of said signals received from said end point agents based on said plurality of rules and information associated with said local environment and said asset, and sending said priority of said signals and information associated with said signals to a remote host computer for appropriate handling;
- wherein the aggregator agent determines the priority of one of said signals by downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately sending the priority of said signal to the remote host computer; and
- wherein the aggregator agent determines the priority of said signal by re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
Dependent claims: 11, 12, 13, 14
15. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method of prioritizing alerts on end points, comprising:
- receiving at an aggregator agent that monitors a plurality of end point agents, a signal indicating an out of band operating tolerance of an end point asset;
- in response to receiving the signal, gathering at the aggregator agent information associated with a local environment where the end point asset is located, at least by retrieving data available on a computer running the aggregator agent and by querying one or more other end point agents respectively associated with one or more other end point assets, wherein the aggregator agent, the end point asset and the other end point assets are co-located in the local environment;
- determining locally at the aggregator agent a priority of said signal based on a rules engine local to the aggregator agent and at least based on the gathered information;
- transmitting said priority of said signal and information associated with said signal to a remote host computer for appropriate handling;
- wherein the step of determining locally at the aggregator agent a priority further includes downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately transmitting the priority of said signal to the remote host computer; and
- wherein the step of determining locally at the aggregator agent a priority of said signal further includes re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification