Method and apparatus for continuous compliance assessment

US 10,013,420 B1
Filed: 12/15/2014
Issued: 07/03/2018
Est. Priority Date: 07/03/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server, change data associated with a change detected by a target host, wherein the target host applies one or more collection policies defining what types of change data are to be detected by the target host and provides the change data in response to detecting that one or more rules, settings, and/or parameters at the target host, defined by a respective one of the one or more collection policies, have changed, wherein the change data includes an identification of the target host, an identification of the respective one of the one or more collection policies responsible for the change data, and the one or more changed rules, settings, and/or parameters;

filtering, by the server, the received change data, wherein the filtering includes determining whether the target host specified in the change data is associated with one or more waivers specified by one or more compliance policies; and

conditional on the target host not being associated with the one or more waivers specified by the one or more compliance policies, determining, by the server, whether the one or more rules, settings, and/or parameters meet the one or more compliance policies and generating one or more test results based at least on the determining.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, a compliance server receives change data associated with a change captured on a target host. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Also, in various embodiments, the compliance server may determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies and generate one or more test results based at least on the results of the determining. Further, in some embodiments, the target host may detect a change to a rule, setting, and/or parameter based on a collection policy defining what change data is to be collected by the target host and provide data associated with the rule, setting, and/or parameter as change data to the compliance server.

162 Citations

26 Claims

1. A method comprising:
- receiving, by a server, change data associated with a change detected by a target host, wherein the target host applies one or more collection policies defining what types of change data are to be detected by the target host and provides the change data in response to detecting that one or more rules, settings, and/or parameters at the target host, defined by a respective one of the one or more collection policies, have changed, wherein the change data includes an identification of the target host, an identification of the respective one of the one or more collection policies responsible for the change data, and the one or more changed rules, settings, and/or parameters;
  
  filtering, by the server, the received change data, wherein the filtering includes determining whether the target host specified in the change data is associated with one or more waivers specified by one or more compliance policies; and
  
  conditional on the target host not being associated with the one or more waivers specified by the one or more compliance policies, determining, by the server, whether the one or more rules, settings, and/or parameters meet the one or more compliance policies and generating one or more test results based at least on the determining.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising storing, by the server, the received change data in a change database.
  - 3. The method of claim 1, wherein the change data includes a rule that generated the change, a specific element name associated with the change, and element data associated with the change.
  - 4. The method of claim 1, wherein each of the one or more compliance policies includes a rule and an expression for evaluating element data of the change.
  - 5. The method of claim 1, wherein the determining comprises evaluating an expression of at least one of the one or more compliance policies against element data specified in the change data.
  - 6. The method of claim 1, wherein the generating the one or more test results comprises generating a report to an administrative user.
  - 7. The method of claim 1, further comprising receiving or retrieving, by the server, new or updated compliance policies.
  - 8. The method of claim 1, further comprising repeating the receiving, the filtering, and the conditional determining and generating in real time each time the target host captures an additional change.
  - 9. The method of claim 1, wherein one or more of the one or more collection policies are periodically received from the server.

10. A compliance server comprising:
- a memory or storage device storing a change database for storing change data associated with a change captured on a target host, wherein the target host applies a plurality of collection policies defining what types of change data are to be detected by the target host and provides the change data in response to detecting the change, wherein the change data includes an identification of the target host, an identification of the respective one of the plurality of collection policies responsible for the change data, and one or more changed rules, settings, and/or parameters; and
  
  a hardware processor, the hardware processor being programmed to;
  
  receive, from the target host, the change data associated with the change captured on the target host,filter the received change data, the filtering including determining whether the target host specified in the change data is associated with one or more waivers specified by one or more compliance policies, andif the target host is not associated with the one or more waivers specified by the one or more compliance policies, determine whether the one or more changed rules, settings, and/or parameters meet the one or more compliance policies and generate one or more test results based at least on the determining.
- View Dependent Claims (11, 12, 13)
- - 11. The compliance server of claim 10, further comprising an event listener to listen for generated events.
  - 12. The compliance server of claim 10, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.
  - 13. The compliance server of claim 10, wherein the hardware processor is further programmed to evaluate an expression of at least one of the one or more compliance policies against element data specified in the change data.

14. A method comprising:
- monitoring a change database to detect whether any new change data has been received from target hosts;
  
  upon detecting the new change data in the change database, notifying logic of a server of the new change data, the new change data being associated with a change captured on a target host, wherein the target host applies one or more collection policies defining what types of change data are to be detected by the target host and provides the new change data in response to detecting the change, wherein the new change data includes data identifying the target host, data identifying a respective one of the one or more collection policies responsible for the change data, and data identifying a change to a registry setting or configuration parameter at the target host;
  
  determining, by the server, whether the change to the registry setting or configuration parameter meets one or more compliance policies;
  
  generating, by the server, one or more test results based at least on the determining; and
  
  when the change to the registry setting or configuration parameter does not meet the one or more compliance policies, generating appropriate element data for the target host to place the target host into compliance with the one or more compliance policies.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the new change data includes a rule that generated the change, a specific element name associated with the change, and element data associated with the change.
  - 16. The method of claim 14, wherein each of the one or more compliance policies includes one or more of a rule, a change name, one or more waivers from the policy, or an expression for evaluating element data of the change.
  - 17. The method of claim 14, further comprising receiving or retrieving, by the server, new or updated compliance policies stored remotely from the server.
  - 18. The method of claim 14, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

19. A method comprising:
- monitoring a change database to detect whether any new change data has been received from target hosts;
  
  upon detecting the new change data in the change database, notifying logic of a server of the new change data, the new change data being associated with a change detected at a target host, wherein the new change data includes data identifying the target host and data identifying a change to a registry setting or configuration parameter at the target host;
  
  determining, by the server, whether the change to the registry setting or configuration parameter meets one or more compliance policies;
  
  generating, by the server, one or more test results based at least on the results of the determining; and
  
  when the change to the registry setting or configuration parameter does not meet the one or more compliance policies, generating appropriate element data for the target host to place the target host into compliance with the one or more compliance policies, wherein the new change data includes a rule that generated the change, an identification of the target host from which the change data was collected, a specific element name associated with the change, and element data associated with the change.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, wherein each compliance policy includes one or more of a rule, a change name, one or more waivers from the policy, or an expression for evaluating element data of the change.
  - 21. The method of claim 19, further comprising receiving or retrieving, by the server, new or updated compliance policies stored remotely from the server.
  - 22. The method of claim 19, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

23. A non-transitory storage medium storing computer-executable instructions which when executed by a computing device of a server cause the computing device to perform a method, the method comprising:
- monitoring a change database to detect whether any new change data has been received from target hosts;
  
  upon detecting the new change data in the change database, notifying logic of a server of the new change data, the new change data being associated with a change detected at a target host, wherein the new change data includes data identifying the target host and data identifying a change to a registry setting or configuration parameter at the target host;
  
  determining, by the server, whether the change to the registry setting or configuration parameter meets one or more compliance policies;
  
  generating, by the server, one or more test results based at least on results of the determining; and
  
  when the change to the registry setting or configuration parameter does not meet the one or more compliance policies, generating appropriate element data for the target host to place the target host into compliance with the one or more compliance policies, wherein the new change data includes a rule that generated the change, an identification of the target host from which the change was collected, a specific element name associated with the change, and element data associated with the change.
- View Dependent Claims (24, 25, 26)
- - 24. The non-transitory storage medium of claim 23, wherein each compliance policy includes one or more of a rule, a change name, one or more waivers from the policy, or an expression for evaluating element data of the change.
  - 25. The non-transitory storage medium of claim 23, further comprising receiving or retrieving, by the server, new or updated compliance policies stored remotely from the server.
  - 26. The non-transitory storage medium of claim 23, wherein the one or more compliance policies ensure that the target host is in compliance with one or more standards.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
Tripwire Incorporated (Belden Inc.)
Inventors
DiFalco, Robert
Primary Examiner(s)
Hoang, Son T

Application Number

US14/570,737
Time in Patent Office

1,296 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/122 using management policies b...

H04L 43/50 Testing arrangements

Method and apparatus for continuous compliance assessment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

162 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for continuous compliance assessment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

162 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others