| 主权项 |
1. A method for monitoring decommissioned servers, the method comprising:
aggregating, by one or more processors, information associated with an environment, from a plurality of resources external to a server resource, wherein the plurality of resources external to the server resource provide a historical indication on activities related to the server resource within the environment, and wherein the information is directly gathered from monitoring address resolution protocol (ARP) cache data from a router; analyzing, by one or more processors, the aggregated information associated with the environment; calculating, by one or more processors, a baseline of server activity, based on a comparison of network activity from the ARP cache data associated with the environment, which shows decommissioned assets continuing to be active; determining, by one or more processors, whether new information associated with the environment is consistent with the baseline of server activity, wherein network traffic and types of packets from decommissioned assets are used to detect whether new information associated with the environment is consistent with the baseline of server activity; and responsive to determining that the new information associated with the environment is not consistent with the baseline of server activity, identifying the new information as a possible misuse and flagging the new information associated with unusual server activity. |
