Real-time activity monitoring and reporting

US 20070039049A1
Filed: 09/19/2005
Published: 02/15/2007
Est. Priority Date: 08/11/2005
Status: Active Grant

First Claim

Patent Images

1. A system for real-time activity monitoring and responsive actions, comprising:

a host having an application;

a client in communication link with and interacting with the application; and

a monitor having traffic, rules and actions engines, the traffic engine for substantially real-time sniffing and parsing of all communications between the client and the host, the rules engine for a substantially real-time rule-based evaluation of parsed communications, and the actions engine for a substantially real-time performance of an action responsive to a communication which is deemed by the rule-based evaluation to meet a rule applied by the rules engine, wherein the monitor is transparent to both the client and the application running on the host.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to track activities in a computerized system with client-server or other communications, a system configuration is needed which monitors, logs and reports traffic. This is somewhat akin to but not entirely similar a firewall. Thus, the invention contemplates a real-time, platform-independent, rule-based activity monitor for detecting a particular activity of interest as it occurs and for reporting such activity and the user substantially as fast.

459 Citations

33 Claims

1. A system for real-time activity monitoring and responsive actions, comprising:
- a host having an application;
  
  a client in communication link with and interacting with the application; and
  
  a monitor having traffic, rules and actions engines, the traffic engine for substantially real-time sniffing and parsing of all communications between the client and the host, the rules engine for a substantially real-time rule-based evaluation of parsed communications, and the actions engine for a substantially real-time performance of an action responsive to a communication which is deemed by the rule-based evaluation to meet a rule applied by the rules engine, wherein the monitor is transparent to both the client and the application running on the host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A system as in claim 1, wherein the host is deployed in a machine and the monitor is also deployed in that machine, although the monitor is logically interposed between the host and the client.
  - 3. A system as in claim 1, wherein the client has an emulator associated therewith through which the client is capable of communicating with the application.
  - 4. A system as in claim 1, wherein the host is a server or a mainframe.
  - 5. A system as in claim 1, wherein the monitor is deployed in two separate machines, one with the traffic and rules engines and the other with the actions engine.
  - 6. A system as in claim 1, wherein the application has a user interface associated therewith and the rules are defined using the user interface.
  - 7. A system as in claim 6, wherein the rules are incorporated in an XML (extensible markup language) instruction file.
  - 8. A system as in claim 1, wherein the rules are associated with conditions.
  - 9. A system as in claim 8, wherein the rules, conditions and actions are deployed in an XML instruction file to the monitor for run-time use and are dynamically modifiable and extendible.
  - 10. A system as in claim 1, wherein the host further includes a program module which defines another action, the program module having a corresponding XML reference associated therewith and corresponding it with a rule, the XML reference capable of being dynamically added to an XML instruction file deployed to the Monitor.
  - 11. A system as in claim 1, wherein the action is one or a combination of reporting, saving to a database, logging to a file, sending a message, providing a popup, testing calling a web site and performing an HTTP Get/Post command.

12. A system for real-time activity monitoring and responsive actions, comprising:
- a host machine having a host and an application;
  
  an actions machine having an actions engine; and
  
  one or more user machines having a client and a monitor instance, each client being in communication link with the application via the host, wherein each monitor instance has traffic and rules engines, each traffic engine for a substantially real-time sniffing and parsing of all communications between a respective client and the application, each rules engine for a substantially real-time rule-based evaluation of parsed communications, and the actions engine for receiving alerts from the rules engines and for performing a substantially real-time action responsive to a communication being deemed by such rules engines to meet a rule applied by the rules engine, and wherein the monitor is transparent to each of the clients and the application running on the host.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 24)
- - 13. A system as in claim 12, wherein the application has a user interface associated therewith and the rules are defined using the user interface.
  - 14. A system as in claim 12, wherein each client has an emulator through which such client is capable of interfacing with the application.
  - 15. A system as in claim 12, wherein the rules are incorporated in an XML (extensible markup language) instruction file.
  - 16. A system as in claim 12, wherein the rules are associated with conditions.
  - 17. A system as in claim 16, wherein the rules, conditions and actions are deployed in an XML instruction file to the monitor for run-time use and are dynamically modifiable and extendible.
  - 18. A system as in claim 12, wherein the host machine further includes a program module which defines another action, the program module having a corresponding XML reference associated therewith and corresponding it with a rule, the XML reference capable of being dynamically added to an XML instruction file deployed to each monitor.
  - 19. A system as in claim 12, wherein the action is one or a combination of reporting, saving to a database, logging to a file, sending a message, providing a popup, testing calling a web site and performing an HTTP Get/Post command.
  - 20. A system as in claim 12, wherein the actions machine is a server and the host machine is a server, a mainframe or a super-computer.
  - 24. A system as in claim 12, wherein the rules are incorporated in an XML (extensible markup language) instruction file.

21. A system for real-time activity monitoring and responsive actions, comprising:
- a first machine having a first application;
  
  a second machine having a second application; and
  
  an application interface interposed between the first and second machines and having a monitor which is in communications link with the first and second applications, wherein the monitor has traffic, rules and actions engines, the traffic engine for substantially real-time sniffing and parsing of all communications between the first and second applications, the rules engine for substantially real-time evaluation of parsed communications, and the actions engine for performing a substantially real-time action responsive to communications deemed by the rules engine to meet a rule, wherein the monitor is transparent to both the first and second applications.
- View Dependent Claims (22, 23, 25, 26, 27, 28)
- - 22. A system as in claim 21, wherein the each of the first and second applications has a user interface associated therewith and the rules are defined using such user interfaces.
  - 23. A system as in claim 21, wherein each client has an emulator through which such client is capable of interfacing with the application.
  - 25. A system as in claim 21, wherein the rules are associated with conditions.
  - 26. A system as in claim 25, wherein the rules, conditions and actions are deployed in an XML instruction file to the monitor for run-time use and are dynamically modifiable and extendible.
  - 27. A system as in claim 21, wherein one or each of the first and second machines further includes a program module which defines one or more actions, the program module having a corresponding XML reference associated therewith and corresponding each action to a rule, the XML reference capable of being dynamically added to an XML instruction file deployed to the monitor.
  - 28. A system as in claim 21, wherein the action is one or a combination of reporting, saving to a database, logging to a file, sending a message, providing a popup, testing calling a web site and performing an HTTP Get/Post command.

29. A method for real-time activity monitoring and responsive actions via a computerized system with client-server communications, comprising;
- in a computerized system with a host and one or more clients in communications link with the host, instantiating a client session associated with a client that interfaces with a server application on the host, the server application having one or more screens associated therewith each of which containing one or more fields;
  
  establishing in a monitor a connection with the server for each instantiated client session, wherein the monitor is logically interposed between the host and the client;
  
  selecting one or more of the fields;
  
  defining a rule a condition and an action that attach to the selected one or more fields; and
  
  uploading the rule and action to the monitor for subsequent run-time use, wherein the rule is applied in real-time to the selected one or more fields each time they are encountered, the rule being employed for evaluating activity embodied in client-server communications, and the action being initiated when the evaluated activity meets conditions of the rule.
- View Dependent Claims (30, 31, 32, 33)
- - 30. A method as in claim 29, wherein the rules are associated with conditions.
  - 31. A method as in claim 29, wherein the rules are defined using a wizard at the host.
  - 32. A method as in claim 29, wherein the uploaded rules are incorporated in an XML instruction file.
  - 33. A method as in claim 29, further comprising recordation of the client session wherein the action is replaying of the recorded client session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Incorporated (Open Text Corporation)
Original Assignee
NetManage, Inc. (Open Text Corporation)
Inventors
Kupferman, Michael, Hardonag, Ido

Granted Patent

US 7,962,616 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 11/3495   for systems

H04L 43/028   by filtering

H04L 63/1416   Event detection, e.g. attac...

Real-time activity monitoring and reporting

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

459 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time activity monitoring and reporting

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

459 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links