Computer-implemented command control in information technology service environment
First Claim
1. A computer-implemented method of controlling execution of computer-executable commands, the method performed by one or more hardware processors, comprising:
- intercepting, automatically by a computer-implemented agent process running on a first computer, a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer by at least capturing an application invocation signal and intercepting user input to the application;
retrieving a server profile built for an application running on the target computer that supports the command;
dynamically constructing a risk enforcement policy at least based on the server profile and change policy;
determining based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution;
based on executing of one or more of the computer-executable enforcement actions, transmitting the command to execute on the target computer or preventing the command from executing on the target computer to prevent error; and
storing information associated with the command comprising at least a source identifier that issued the command, a time the command was issued, and a reason the command was issued.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.
57 Citations
14 Claims
-
1. A computer-implemented method of controlling execution of computer-executable commands, the method performed by one or more hardware processors, comprising:
-
intercepting, automatically by a computer-implemented agent process running on a first computer, a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer by at least capturing an application invocation signal and intercepting user input to the application; retrieving a server profile built for an application running on the target computer that supports the command; dynamically constructing a risk enforcement policy at least based on the server profile and change policy; determining based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution; based on executing of one or more of the computer-executable enforcement actions, transmitting the command to execute on the target computer or preventing the command from executing on the target computer to prevent error; and storing information associated with the command comprising at least a source identifier that issued the command, a time the command was issued, and a reason the command was issued. - View Dependent Claims (2, 3, 4)
-
-
5. The method of claim 1, wherein the risk enforcement policy comprises platform-specific user commands with different risk levels and device-specific resources.
-
6. A computer readable storage medium storing a program of instructions executable by a machine to perform a method of controlling execution of commands, the method comprising:
-
intercepting, automatically by a computer-implemented agent process running on a first computer, a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer by at least capturing an application invocation signal and intercepting user input to the application; retrieving a server profile built for an application running on the target computer that supports the command; dynamically constructing a risk enforcement policy at least based on the server profile and change policy; determining based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution; based on executing of one or more of the computer-executable enforcement actions, transmitting the command to execute on the target computer or preventing the command from executing on the target computer to prevent error; and
storing information associated with the command comprising at least a source identifier that issued the command, a time the command was issued, and a reason the command was issued.
-
-
7. The computer readable storage medium of claim 6, wherein the computer-executable enforcement actions comprise one or more of:
-
allowing the command to execute on the target computer; presenting an alternative command to execute on the target computer; requesting additional input associated with the command; requesting validation and review before executing the command;
or canceling executing of the command on the target computer.
-
-
8. The computer readable storage medium of claim 6, wherein the first computer is a client-side computer.
-
9. The computer readable storage medium of claim 6, wherein the target computer is a server computer.
-
10. The computer readable storage medium of claim 6, wherein the risk enforcement policy comprises platform-specific user commands with different risk levels and device-specific resources.
-
11. A system of controlling execution of commands, comprising:
-
one or more hardware processors, one or more of the hardware processors operable to intercept a command issued from a first computer to execute on a target computer prior to invocation of the command on the target computer by at least capturing an application invocation signal and intercepting user input to the application, one or more of the hardware processors further operable to retrieve a server profile built for an application running on the target computer that supports the command, one or more of the hardware processors further operable to dynamically construct a risk enforcement policy at least based on the server profile and change policy, one or more of the hardware processors further operable to determine based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution, based on executing of one or more of the computer-executable enforcement actions, one or more of the hardware processors further operable to transmit the command to execute on the target computer or prevent the command from executing on the target computer to prevent error; a storage device operatively connected to one or more of the hardware processors, one or more of the hardware processors storing in the storage device, information associated with the command comprising at least a source identifier that issued the command, a time the command was issued, and a reason the command was issued.
-
-
12. The system of claim 11, wherein the computer-executable enforcement actions comprise one or more of:
-
allowing the command to execute on the target computer; presenting an alternative command to execute on the target computer; requesting additional input associated with the command; requesting validation and review before executing the command;
or canceling executing of the command on the target computer.
-
-
13. The system of claim 11, wherein the first computer comprises one or more of the hardware processors that perform the intercepting.
-
14. The system of claim 11, wherein the risk enforcement policy comprises platform-specific user commands with different risk levels and device-specific resources.
Specification