Scoring and interpreting change data through inference by correlating with change catalogs
First Claim

1. A method comprising:
- receiving, by a monitor server, change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes, wherein the change data includes at least one rule change detected on the target host;
- determining, by the monitor server, whether the at least one rule change is in compliance with one or more compliance policies, thereby generating test results;
- analyzing, by the monitor server, the test results in order to group the change data into clusters; and
- correlating, by the monitor server, the clusters with at least one change catalog that includes a plurality of expected rule violations in order to classify the clusters with at least one potential reason for the plurality of changes.
Abstract
Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may then group the change data into clusters and may correlate the clusters with a change catalog in order to provide a possible reason or cause for the cluster of changes. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user.
25 Claims
1. A method comprising:
- receiving, by a monitor server, change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes, wherein the change data includes at least one rule change detected on the target host;
- determining, by the monitor server, whether the at least one rule change is in compliance with one or more compliance policies, thereby generating test results;
- analyzing, by the monitor server, the test results in order to group the change data into clusters; and
- correlating, by the monitor server, the clusters with at least one change catalog that includes a plurality of expected rule violations in order to classify the clusters with at least one potential reason for the plurality of changes.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 20, 21
9. A monitor server comprising:
- a processor;
- a change database for storing change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes, wherein the change data includes an identifier of a rule or a collection policy responsible for the captured change; and
- logic communicatively coupled to the change database and configured to be operated by the processor to: receive the change data; store the change data in the change database; analyze the change data in order to group the change data into clusters, wherein the plurality of changes is grouped with a respective cluster of the clusters; and correlate the clusters with one or more expected rule violations or collection policy changes stored in the at least one change catalog in order to classify the clusters with at least one potential reason for the plurality of changes.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 22, 23
18. An article of manufacture comprising:
- a non-transitory storage medium; and
- a plurality of programming instructions stored on the storage medium and configured to program a monitor server to: receive change data associated with a plurality of changes captured on a target host, the target host providing the change data in response to detecting the plurality of changes, wherein the change data includes an identification of the rule or collection policy responsible for the capturing of the change data, and wherein the change data includes element data of an element of the target host for which at least one of the plurality of changes are detected; filter the received change data to conditionally determine whether element data meets one or more compliance policies, the determining comprising evaluating an expression of at least one of the compliance policies against at least a portion of the element data; analyze the filtered change data in order to group the change data into clusters; and correlate the clusters with at least one change catalog in order to classify the clusters with at least one potential reason for the plurality of changes.

Dependent claims: 19, 24, 25