Use of inference techniques to facilitate categorization of system change information

US 8,600,996 B2
Filed: 12/08/2009
Issued: 12/03/2013
Est. Priority Date: 12/08/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing device executing programming instructions for a monitor server, change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes to target host data using one or more rules or collection policies to capture the changes, wherein the change data includes at least one or more of the following;

rules, settings, or parameters;

analyzing, by the monitor server, the change data in order to group the change data into clusters;

classifying, by the monitor server, the clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the clusters;

determining, by the monitor server, whether the change data violate one or more compliance policies;

generating, by the monitor server, one or more test results based at least on the results of the determining;

analyzing, by the monitor server, the one or more test results in order to group the one or more test results into test result clusters; and

classifying, by the monitor server, the test result clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the test result clusters.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may analyze the change data in order to group the change data into clusters. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user.

Citations

18 Claims

1. A method comprising:
- receiving, by a computing device executing programming instructions for a monitor server, change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes to target host data using one or more rules or collection policies to capture the changes, wherein the change data includes at least one or more of the following;
  
  rules, settings, or parameters;
  
  analyzing, by the monitor server, the change data in order to group the change data into clusters;
  
  classifying, by the monitor server, the clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the clusters;
  
  determining, by the monitor server, whether the change data violate one or more compliance policies;
  
  generating, by the monitor server, one or more test results based at least on the results of the determining;
  
  analyzing, by the monitor server, the one or more test results in order to group the one or more test results into test result clusters; and
  
  classifying, by the monitor server, the test result clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the test result clusters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the classifying the clusters comprises inferring a categorization for at least some of the clusters based upon at least one known enterprise change.
  - 3. The method of claim 1, wherein the change data includes a rule that generated the change, the target host or node from which the change data was collected, a specific element name associated with the change, and element data associated with the change.
  - 4. The method of claim 1, further comprising generating a report, the report relating the categorization of the at least some of the clusters.
  - 5. The method of claim 1, wherein each compliance policy includes at least one or more of the following:
    - a rule, a change name, one or more waivers from the policy, or an expression for evaluating element data of the change.
  - 6. The method of claim 1, further comprising filtering, by the monitor server, the received change data and conditionally performing the determining based on a result of the filtering.
  - 7. The method of claim 1, wherein the determining comprises evaluating an expression of at least one of the compliance policies against element data specified in the change data.
  - 8. The method of claim 1, further comprising generating a report, the report relating the categorization of the at least some of the test result clusters.

9. A monitor server residing on a computing device comprising:
- a processor;
  
  a change database for storing change data associated with a plurality of changes captured on a target host, the target host providing the change data to the monitor server in response to detecting the plurality of changes, wherein the change data includes at least one or more of the following;
  
  rules, settings, or parameters; and
  
  one or more logic components communicatively coupled to the change database and to be operated by the processor to;
  
  receive the change data;
  
  store the change data in the change database;
  
  analyze the change data in order to group the change data into clusters;
  
  classify the clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the clusters;
  
  determine whether the change data violate one or more compliance policies;
  
  generate one or more test results based at least on the results of the determining;
  
  analyze the one or more test results in order to group the one or more test results into test result clusters; and
  
  classify the test result clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the test result clusters.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The monitor server of claim 9, wherein the logic is further to:
    - classify the clusters relating to a potential reason for the plurality of changes by inferring a categorization for at least some of the clusters based upon at least one known enterprise change.
  - 11. The monitor server of claim 9, wherein the logic is further to:
    - generate a report, the report relating to the categorization of the at least some of the clusters.
  - 12. The monitor server of claim 9, wherein the compliance policies ensure that the target host is in compliance with one or more standards.
  - 13. The monitor server of claim 9, wherein the logic is further to:
    - filter the received change data and conditionally perform the determining based on a result of the filtering.
  - 14. The monitor server of claim 9, wherein the logic is further to:
    - evaluate an expression of at least one of the compliance policies against element data specified in the change data.
  - 15. The monitor server of claim 9, wherein the logic is further to:
    - generate a report, the report relating to the categorization of the at least some of the test result clusters.

16. An article of manufacture comprising:
- a storage medium; and
  
  a plurality of programming instructions stored on the storage medium and configured to program a computing device executing a monitor server to;
  
  receive change data provided by a target host in response to detecting one or more changes captured on the target host, wherein the change data includes at least one or more of the following;
  
  rules, settings, or parameters;
  
  analyze the change data in order to group the change data into clusters;
  
  classify the clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the clusters;
  
  determine whether the change data violate one or more compliance policies;
  
  generate one or more test results based at least on the results of the determining;
  
  analyze the one or more test results in order to group the one or more test results into test result clusters; and
  
  classify the test result clusters relating to at least one potential reason for the plurality of changes in order to categorize at least some of the test result clusters.
- View Dependent Claims (17, 18)
- - 17. The article of manufacture of claim 16, wherein the plurality of programming instructions is further configured to program the monitor server to:
    - classify the clusters relating to a potential reason for the plurality of changes by inferring a categorization for at least some of the clusters based upon at least one known enterprise change.
  - 18. The article of manufacture of claim 16, wherein the plurality of programming instructions are configured to generate a report based at least on the results of the classifying by the monitor server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
Tripwire Incorporated (Belden Inc.)
Inventors
Good, Tom, Kim, Gene, Whitlock, David
Primary Examiner(s)
Lee, Wilson
Assistant Examiner(s)
Le, Jessica N

Application Number

US12/633,747
Publication Number

US 20110137905A1
Time in Patent Office

1,456 Days
Field of Search

707/687, 707/737, 707/740, 707/754
US Class Current

707/740
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3051   Monitoring arrangements for...

G06F 11/3075   the data filtering being ac...

G06F 11/3082   the data filtering being ac...

Use of inference techniques to facilitate categorization of system change information

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Use of inference techniques to facilitate categorization of system change information

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links