Privileged session analytics
First Claim
1. A system comprising:
- a processor; and
a memory device including instructions that, when executed by the processor, cause the processor to;
responsive to a first user requesting access from a first client device to a privileged account on a target system, send, to the first client device, access information to enable the first user using the first client device to access the privileged account;
based on the first client device accessing the privileged account using the access information, send, to the target system, a request to establish a session between the first client device and the target system;
receive, from the target system, metadata captured by the target system, wherein the metadata is indicative of activity performed by the first user operating the first client device during the session with the target system;
determine a first activity pattern for the session based on the metadata, the first activity pattern comprising a sequence of activities performed by the first user during the session, wherein each activity in the sequence of activities is associated with an activity weight, and wherein an activity weight associated with an activity in the sequence of activities is based on a position of the activity in the sequence of activities;
determine, based on each activity weight of each activity in the sequence of activities, a first total weight;
identify, based at least on a first subsequence of the first activity pattern, a second activity pattern comprising a second subsequence that corresponds to the first subsequence of the first activity pattern, the second activity pattern having a second total weight;
compare the first total weight to the second total weight to determine that the second total weight is within a pre-determined threshold of the first total weight;
in response to determining that the second total weight is within the pre-determined threshold of the first total weight, determine an action to be performed for the first activity pattern; and
transmit the action to a second client device, wherein the action is an action to be performed for the session.
1 Assignment
0 Petitions
Accused Products
Abstract
A privileged account manager is provided for monitoring privileged sessions on target systems of an enterprise. In an embodiment, the privileged account manager is configured to capture metadata related to a privileged session and generate a first activity pattern for the privileged session based on the captured metadata. The first activity pattern may include a sequence of one or more activities performed by a first user during the privileged session. The privileged account manager may be configured to identify a second activity pattern that comprises at least a subset of the one or more activities performed by the first user during the privileged session and determine an appropriate action to be performed for the first activity pattern based on the identification of the second activity pattern. In some embodiments, the privileged account manager may be configured to transmit the action to a second user on a client device.
55 Citations
20 Claims
-
1. A system comprising:
-
a processor; and a memory device including instructions that, when executed by the processor, cause the processor to; responsive to a first user requesting access from a first client device to a privileged account on a target system, send, to the first client device, access information to enable the first user using the first client device to access the privileged account; based on the first client device accessing the privileged account using the access information, send, to the target system, a request to establish a session between the first client device and the target system; receive, from the target system, metadata captured by the target system, wherein the metadata is indicative of activity performed by the first user operating the first client device during the session with the target system; determine a first activity pattern for the session based on the metadata, the first activity pattern comprising a sequence of activities performed by the first user during the session, wherein each activity in the sequence of activities is associated with an activity weight, and wherein an activity weight associated with an activity in the sequence of activities is based on a position of the activity in the sequence of activities; determine, based on each activity weight of each activity in the sequence of activities, a first total weight; identify, based at least on a first subsequence of the first activity pattern, a second activity pattern comprising a second subsequence that corresponds to the first subsequence of the first activity pattern, the second activity pattern having a second total weight; compare the first total weight to the second total weight to determine that the second total weight is within a pre-determined threshold of the first total weight; in response to determining that the second total weight is within the pre-determined threshold of the first total weight, determine an action to be performed for the first activity pattern; and transmit the action to a second client device, wherein the action is an action to be performed for the session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-implemented method comprising:
-
responsive to a first user requesting access from a first client device to a privileged account on a target system, sending, to the first client device, access information to enable the first user using the first client device to access the privileged account; based on the first client device accessing the privileged account using the access information, sending, to the target system, a request to establish a session between the first client device and the target system; receiving, from the target system, metadata captured by the target system, wherein the metadata is indicative of activity performed by the first user operating the first client device during the session with the target system; determining a first activity pattern for the session based on the metadata, the first activity pattern comprising a sequence of activities performed by the first user during the session, wherein each activity in the sequence of activities is associated with an activity weight, and wherein an activity weight associated with an activity in the sequence of activities is based on a position of the activity in the sequence of activities; determining, based on each activity weight of each activity in the sequence of activities, a first total weight; identifying, based at least on a first sub sequence of the first activity pattern, a second activity pattern comprising a second sub sequence that corresponds to the first sub sequence of the first activity pattern, the second activity pattern having a second total weight; comparing the first total weight to the second total weight to determine the second total weight is within a pre-determined threshold of the first total weight; in response to determining the second total weight is within the pre-determined threshold of the first total weight, determining an action to be performed for the first activity pattern; and transmitting the action to a second client device, wherein the action is an action to be performed for the session. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
-
instructions that, in response to a first user requesting access from a first client device to a privileged account on a target system, send, to the first client device, access information to enable the first user using the first client device to access the privileged account; instructions that, based on the first client device accessing the privileged account using the access information, cause the one or more processors to send, to the target system, a request to establish a session between the first client device and the target system; instructions that cause the one or more processors to receive, from the target system, metadata captured by the target system, wherein the metadata is indicative of activity performed by the first user operating the first client device during the session with the target system; instructions that cause the one or more processors to determine a first activity pattern for the session based on the metadata, the first activity pattern comprising a sequence of activities performed by the first user during the session, wherein each activity in the sequence of activities is associated with an activity weight, and wherein an activity weight associated with an activity in the sequence of activities is based on a position of the activity in the sequence of activities; instructions that cause the one or more processors to determine, based on each activity weight of each activity in the sequence of activities, a first total weight; instructions that cause the one or more processors to identify, based at least on a first sub sequence of the first activity pattern, a second activity pattern comprising a second sub sequence that corresponds to the first sub sequence of the first activity pattern, wherein the second activity pattern having a second total weight; instructions that cause the one or more processors to compare the first total weight to the second total weight to determine the second total weight is within a pre-determined threshold of the first total weight; in response to determining the second total weight is within the pre-determined threshold of the first total weight, instructions that cause the one or more processors to determine an action to be performed for the first activity pattern; and instructions that cause the one or more processors to transmit the action to a second client device, wherein the action is an action to be performed for the session. - View Dependent Claims (17, 18, 19, 20)
-
Specification