Method and system for collaboration during an event
First Claim
Patent Images
1. A method of gathering data in response to an event comprising:
- identifying, by an agent discovery service, a plurality of computer environments coupled to a network;
authenticating, by a controller communicatively coupled to the agent discovery service, the plurality of computer environments;
authenticating, by the controller, one or more users;
providing, by the controller, an interface to an authenticated user of the one or more users;
allowing, by the controller, the authenticated user to define a parameter identifying a characteristic of data to be gathered from the plurality of authenticated computer environments;
allowing, by the controller, the authenticated user to reduce an amount of data gathered and transported from each of the plurality of authenticated computer environments by remotely (i) comparing data in the authenticated computer environments with the parameter and (ii) filtering out data that does not satisfy the parameter so that (a) filtered out data is remotely separated from other data, (b) the filtered out data is not transported from at least one of the plurality of authenticated computer environments, and (c) the other data is transported from the one of the plurality of authenticated computer environments;
marking, by the controller, the gathered data as gathered from a particular authenticated computer environment; and
providing, by the controller, access to the authenticated user to the gathered data,wherein,the characteristic of data to be gathered from the plurality of authenticated computer environments relates to at least one of (i) a deleted file, (ii) program or process execution, (c) program or process installation, (iii) access history, and (iv) a system log, andthe parameter is a file hash for searching for encrypted files.
8 Assignments
0 Petitions
Accused Products
Abstract
A system and method for gathering data from a plurality of computer environments. The computer environments are authenticated, data is copied from the plurality of authenticated computer environments to a memory location, and access to the memory location is provided to a plurality of authenticated users. The data may be marked so that a user may determine which computer environment provided the data.
176 Citations
17 Claims
-
1. A method of gathering data in response to an event comprising:
-
identifying, by an agent discovery service, a plurality of computer environments coupled to a network; authenticating, by a controller communicatively coupled to the agent discovery service, the plurality of computer environments; authenticating, by the controller, one or more users; providing, by the controller, an interface to an authenticated user of the one or more users; allowing, by the controller, the authenticated user to define a parameter identifying a characteristic of data to be gathered from the plurality of authenticated computer environments; allowing, by the controller, the authenticated user to reduce an amount of data gathered and transported from each of the plurality of authenticated computer environments by remotely (i) comparing data in the authenticated computer environments with the parameter and (ii) filtering out data that does not satisfy the parameter so that (a) filtered out data is remotely separated from other data, (b) the filtered out data is not transported from at least one of the plurality of authenticated computer environments, and (c) the other data is transported from the one of the plurality of authenticated computer environments; marking, by the controller, the gathered data as gathered from a particular authenticated computer environment; and providing, by the controller, access to the authenticated user to the gathered data, wherein, the characteristic of data to be gathered from the plurality of authenticated computer environments relates to at least one of (i) a deleted file, (ii) program or process execution, (c) program or process installation, (iii) access history, and (iv) a system log, and the parameter is a file hash for searching for encrypted files. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of gathering data in response to an event comprising:
-
identifying, by an agent discovery service, a plurality of computer environments coupled to a network; authenticating, by a controller communicatively coupled to the agent discovery service, the plurality of computer environments; authenticating, by the controller, at least one user; providing, by the controller, an interface to the at least one authenticated user; allowing, by the controller, the at least one authenticated user to define a parameter identifying a characteristic of data to be gathered from the plurality of authenticated computer environments; allowing, by the controller, the at least one authenticated user to gather data from the plurality of authenticated computer environments through the interface including by (i) comparing data in the authenticated computer environments with the parameter, and (ii) filtering out data that does not satisfy the parameter so that (a) filtered out data is remotely separated from other data, (b) the filtered out data is not transported from at least one of the plurality of authenticated computer environments, and (c) the other data is transported from the one of the plurality of authenticated computer environments; marking, by the controller, the gathered data as gathered from the one of the plurality of authenticated computer environments; and providing, by the controller, access to the at least one authenticated user to the gathered data; wherein, the data to be gathered from the plurality of authenticated computer environments was not previously stored in the authenticated computer environments at the direction or pursuant to the instructions of the at least one authenticated user, and the parameter is a file hash for searching for encrypted files. - View Dependent Claims (15)
-
-
16. A method of gathering data in response to an event comprising:
-
identifying, by an agent discovery service, a plurality of computer environments coupled to a network; authenticating, by a controller communicatively coupled to the agent discovery service, the plurality of computer environments; authenticating, by the controller, one or more of a plurality of users; providing, by the controller, an interface to the plurality of an authenticated user of the one or more users; allowing, by the controller, one or more of the authenticated user to define a parameter identifying a characteristic of data to be gathered from the plurality of authenticated computer environments; allowing, by the controller, the authenticated user to reduce, using an auditor module, an amount of data gathered and transported from each of the plurality of authenticated computer environments by remotely (i) comparing data in the authenticated computer environments with the parameter and (ii) filtering out data that does not satisfy the parameter so that (a) filtered out data is remotely separated from other data, (b) the filtered out data is not transported from at least one of the plurality of authenticated computer environments, and (c) the other data is transported from the one of the plurality of authenticated computer environments; marking, by the controller, the gathered data as gathered from the one of the plurality of authenticated computer environments; and providing, by the controller, access to the authenticated user to the gathered data, wherein, the parameter is a file hash for searching for encrypted files. - View Dependent Claims (17)
-
Specification