Method and apparatus for alert prioritization on high value end points

US 8,438,268 B2
Filed: 04/23/2008
Issued: 05/07/2013
Est. Priority Date: 04/23/2008
Status: Active Grant

First Claim

Patent Images

1. A method of prioritizing alerts on end points, comprising:

receiving at an aggregator agent that monitors a plurality of end point agents, a signal indicating an out of band operating tolerance from an end point asset;

in response to receiving the signal, gathering at the aggregator agent, information associated with a local environment where the end point asset is located, at least by retrieving data available on a computer running the aggregator agent and by querying one or more other end points agents respectively associated with one or more other end point assets, wherein the aggregator agent, the end point asset and the other end point assets are co-located in the local environment;

determining locally at the aggregator agent a priority of said signal based on a rules engine local to the aggregator agent and at least based on the gathered information;

transmitting said priority of said signal and information associated with said signal to a remote host computer for appropriate handling;

wherein the step of determining locally at the aggregator agent a priority further includes downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately sending the priority of said signal to the remote host computer; and

wherein the step of determining locally at the aggregator agent a priority of said signal further includes re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for prioritizing alerts on end points include an aggregator agent that monitors a plurality of end point agents and receives a signal indicating an out of band operating tolerance from an end point. The aggregator agent locally determines the priority of the received signal based on a rules engine local to the aggregator agent. The aggregator agent transmits the priority of said signal and information associated with said signal to a remote host computer for appropriate handling.

17 Citations

View as Search Results

23 Claims

1. A method of prioritizing alerts on end points, comprising:
- receiving at an aggregator agent that monitors a plurality of end point agents, a signal indicating an out of band operating tolerance from an end point asset;
  
  in response to receiving the signal, gathering at the aggregator agent, information associated with a local environment where the end point asset is located, at least by retrieving data available on a computer running the aggregator agent and by querying one or more other end points agents respectively associated with one or more other end point assets, wherein the aggregator agent, the end point asset and the other end point assets are co-located in the local environment;
  
  determining locally at the aggregator agent a priority of said signal based on a rules engine local to the aggregator agent and at least based on the gathered information;
  
  transmitting said priority of said signal and information associated with said signal to a remote host computer for appropriate handling;
  
  wherein the step of determining locally at the aggregator agent a priority further includes downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately sending the priority of said signal to the remote host computer; and
  
  wherein the step of determining locally at the aggregator agent a priority of said signal further includes re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 22, 23)
- - 2. The method of claim 1, wherein the step of receiving at an aggregator agent includes said aggregator agent polling said plurality of end point agents for profile data.
  - 3. The method of claim 2, wherein the step of determining locally at the aggregator agent further includes using said profile data to determine said priority.
  - 4. The method of claim 3, wherein the step of determining locally at the aggregator agent further includes gathering environment data associated with environment where said aggregator agent is located.
  - 5. The method of claim 1, wherein said local environment is a mobile object.
  - 6. The method of claim 5, wherein said aggregator agent is a plug-in to an onboard computer of the mobile object and said plurality of end point agents are each attached to an item carried in the mobile object.
  - 7. The method of claim 5, wherein said mobile object is a vehicle.
  - 22. The method of claim 1, wherein said aggregator agent is a mobile device.
  - 23. The method of claim 1, wherein said aggregator agent is a smartphone.

8. A method of prioritizing alerts on end points, comprising:
- executing an aggregator agent on a mobile object, said aggregator agent enabled to monitor a plurality of end point agents each associated with an asset carried on the mobile object, said aggregator agent further enabled to receive signals indicating out of band operating tolerance from said plurality of end point agents,said aggregator agent in response to receiving a signal indicating out of band operating tolerance, further enabled to gather information associated with the mobile object, at least by retrieving data available on a computer on the mobile object and by querying one or more other end point agents in the mobile object,said aggregator agent further enabled to determine locally priorities of said signals based on a rules engine local to the aggregator agent and at least the gathered information; and
  
  receiving at a remote host computer said priorities of said signals and information associated with said signals from said aggregator agent;
  
  handling at said host computer said signals based on said priorities;
  
  wherein the step of determining locally at the aggregator agent a priority of one of said signals further includes downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately sending the priority of said signal to the remote host computer; and
  
  wherein the step of determining locally at the aggregator agent a priority of said signal further includes re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
- View Dependent Claims (9)
- - 9. The method of claim 8, further including requesting a log from said aggregator agent.

10. A system for prioritizing alerts on end points, comprising:
- a processor;
  
  an aggregator agent located in a local environment, executing on the processor, and monitoring a plurality of end point agents each attached to an asset located in said local environment, said aggregator agent operable to receive signals from said end point agents;
  
  a rules engine comprising a plurality of rules for handling signals from said end point agents, said rules engine located in said local environment;
  
  said aggregator agent gathering information associated with the local environment, at least by retrieving data available on a computer running the aggregator agent and by querying one or more other end point agents in the local environment in response to receiving a signal that an end point asset has reached out of band tolerance,said aggregator agent determining locally a priority of said signals received from said end point agents based on said plurality of rules and information associated with said local environment and said asset, and sending said priority of said signals and information associated with said signals to a remote host computer for appropriate handling;
  
  wherein the aggregator agent determines the priority of one of said signals by downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately sending the priority of said signal to the remote host computer; and
  
  wherein the aggregator agent determines the priority of said signal by re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, further comprising the remote host computer operable to receive and handle one or more prioritized signals from said aggregator agent.
  - 12. The system of claim 10, wherein said local environment is a mobile object.
  - 13. The system of claim 10, wherein said aggregator agent is a plug-in program operable to execute on a computer in said local environment.
  - 14. The system of claim 10, wherein said local environment is a vehicle.

15. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method of prioritizing alerts on end points, comprising:
- receiving at an aggregator agent that monitors a plurality of end point agents, a signal indicating an out of band operating tolerance of an end point asset;
  
  in response to receiving the signal, gathering at the aggregator agent information associated with a local environment where the end point asset is located, at least by retrieving data available on a computer running the aggregator agent and by querying one or more other end point agents respectively associated with one or more other end point assets,wherein the aggregator agent, the end point asset and the other end point assets are co-located in the local environment;
  
  determining locally at the aggregator agent a priority of said signal based on a rules engine local to the aggregator agent and at least based on the gathered information;
  
  transmitting said priority of said signal and information associated with said signal to a remote host computer for appropriate handling;
  
  wherein the step of determining locally at the aggregator agent a priority further includes downgrading priority of said signal and writing to a local log information associated with the downgraded priority of said signal without immediately transmitting the priority of said signal to the remote host computer; and
  
  wherein the step of determining locally at the aggregator agent a priority of said signal further includes re-polling for data from the plurality of end point agents and reassessing said priority based on the repolled data.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The program storage device of claim 15, wherein the step of receiving at an aggregator agent includes said aggregator agent polling said plurality of end point agents for profile data.
  - 17. The program storage device of claim 16, wherein the step of determining locally at the aggregator agent further includes using said profile data to determine said priority.
  - 18. The program storage device of claim 17, wherein the step of determining locally at the aggregator agent further includes gathering environment data associated with environment where said aggregator agent is located.
  - 19. The program storage device of claim 15, wherein said local environment is a mobile object.
  - 20. The program storage device of claim 19, wherein said aggregator agent is a plug-in to an onboard computer of the mobile object and said plurality of end point agents are each attached to an item carried in the mobile object.
  - 21. The program storage device of claim 19, wherein said mobile object is a vehicle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Mills, Christopher Lee
Primary Examiner(s)
Chan, Wing F
Assistant Examiner(s)
YI, DAVID

Application Number

US12/108,173
Publication Number

US 20090271792A1
Time in Patent Office

1,840 Days
Field of Search

709/244
US Class Current

709/224
CPC Class Codes

G06F 9/542 Event management; Broadcast...

Method and apparatus for alert prioritization on high value end points

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for alert prioritization on high value end points

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others