Title: Method and apparatus for providing forensic visibility into systems and networks
Abstract: Methods and systems for providing forensic visibility into systems and networks are provided. A sensor agent receives events, each defining an action of a first object acting on a target. The object, the event, and the target are correlated to at least one originating object so that an audit trail exists for each individual event. A global perspective, comprising the age and popularity of the object, a determination as to whether the object may be malware, and IP/URL information associated with the event, is then applied to at least one of the object, the event, the target, and the originating object. A priority is determined and assigned to the event based on at least that global perspective. An event line containing the event information is then transmitted to an end recipient, where the information may be heuristically displayed.
Publication number: US9578045(B2)  Publication date: 2017.02.21
Application number: US201414270069  Filing date: 2014.05.05
Applicant: WEBROOT INC.  Inventors: Jaroch Joseph; Erasmus Jacques Etienne; Barnes Paul; Mayr Johannes; Leidesdorff Michael; Giuliani Marco; Williams Christopher Jon; Bacher Chad Edward
Classification: G06F21/00; H04L29/06  Main classification: G06F21/00
Agent: Merchant & Gould P.C.  Attorney: Merchant & Gould P.C.
Main claim: 1. A method comprising: gathering one or more events defining an action of a first object acting on a target; generating a contextual state for at least one of the one or more events by correlating the at least one event to an originating object, the contextual state including an indication of the originating object of the first object and an indication of at least one of a device on which the first object is executed and a user associated with the first object; obtaining a global perspective for the at least one event by obtaining information associated with one or more of the first object and the originating object, the information including at least one of age, popularity, a determination as to whether the first object is malware, a determination as to whether the originating object is malware, Internet Protocol (IP) Address, and Uniform Resource Locator (URL) information, wherein the global perspective for one or more related events to the at least one event across a network; assembling an event line including details associated with the at least one event, the details including information uniquely identifying the first object, the action of the first object, the target, and the originating object; and transmitting the assembled event line.
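The gather, correlate, global-perspective, prioritise and assemble pipeline that the claim describes, as an added illustration in Python. This is not Webroot's code and not the patent's implementation; the process-lineage table, the object and IP reputation values, the three-level priority scale and every field name are constructed here so that the flow can be run offline and the resulting event lines inspected.

```python
"""Illustrative sensor-side event pipeline (added example, not Webroot's code).

Constructed input: a lineage table (child object -> parent object), a small
object reputation table keyed by object hash, an IP reputation table, and
four sample sensor events.  All hashes, verdicts and addresses are made up.
"""
from dataclasses import dataclass
import json

# Parent relationships as reported by the sensor.  Constructed sample: a
# browser downloads an installer which in turn drops a payload.
LINEAGE = {
    "h_installer": "h_browser",
    "h_payload": "h_installer",
}

# Constructed 'global perspective' for objects: age in days since first seen,
# popularity (distinct endpoints reporting the object) and a malware verdict.
OBJECT_INTEL = {
    "h_browser":   {"age_days": 900, "popularity": 500000, "malware": "good"},
    "h_installer": {"age_days": 2,   "popularity": 3,      "malware": "unknown"},
    "h_payload":   {"age_days": 0,   "popularity": 1,      "malware": "bad"},
    "h_editor":    {"age_days": 400, "popularity": 120000, "malware": "good"},
}

# Constructed IP reputation (TEST-NET / documentation addresses, hypothetical verdicts).
NET_INTEL = {
    "203.0.113.7": "malicious",
    "93.184.216.34": "clean",
}

UNKNOWN_OBJECT = {"age_days": None, "popularity": 0, "malware": "unknown"}


@dataclass
class Event:
    obj: str      # hash uniquely identifying the acting (first) object
    action: str   # "spawn", "write" or "connect"
    target: str   # child hash, file path, or IP address
    device: str
    user: str


def originating_object(obj):
    """Walk the lineage chain to its root; the root is the originating object.
    The 'seen' set guards against a cyclic lineage table."""
    seen = set()
    while obj in LINEAGE and obj not in seen:
        seen.add(obj)
        obj = LINEAGE[obj]
    return obj


def contextual_state(ev):
    """Contextual state: origin of the object plus device and user."""
    return {"origin": originating_object(ev.obj), "device": ev.device, "user": ev.user}


def global_perspective(ev, ctx):
    """Look up age/popularity/verdict for object and origin, and IP reputation
    for network targets."""
    gp = {
        "object": OBJECT_INTEL.get(ev.obj, UNKNOWN_OBJECT),
        "origin": OBJECT_INTEL.get(ctx["origin"], UNKNOWN_OBJECT),
    }
    if ev.action == "connect":
        gp["net"] = NET_INTEL.get(ev.target, "unknown")
    return gp


def assign_priority(gp):
    """Priority from the global perspective only.  Assumed scale (not from the
    patent): 3 = high, 2 = medium, 1 = low."""
    obj, origin = gp["object"], gp["origin"]
    if "bad" in (obj["malware"], origin["malware"]) or gp.get("net") == "malicious":
        return 3
    # Young, rarely seen object with no verdict: the classic unknown binary.
    young = obj["age_days"] is None or obj["age_days"] < 7
    if obj["malware"] == "unknown" and young and obj["popularity"] < 10:
        return 2
    return 1


def assemble_event_line(ev, ctx, gp, priority):
    """Event line: unique object id, action, target, origin, context, priority."""
    return {"object": ev.obj, "action": ev.action, "target": ev.target,
            "origin": ctx["origin"], "device": ctx["device"], "user": ctx["user"],
            "priority": priority, "perspective": gp}


def process_events(events):
    """Run the pipeline over gathered events; highest priority first (stable)."""
    lines = []
    for ev in events:
        ctx = contextual_state(ev)
        gp = global_perspective(ev, ctx)
        lines.append(assemble_event_line(ev, ctx, gp, assign_priority(gp)))
    return sorted(lines, key=lambda line: -line["priority"])


def transmit(lines):
    """Serialise event lines as newline-delimited JSON for the end recipient."""
    return "\n".join(json.dumps(line, sort_keys=True) for line in lines)


# Constructed sample events from one host.
SAMPLE_EVENTS = [
    Event("h_browser", "spawn", "h_installer", "ws-17", "alice"),
    Event("h_installer", "write", r"C:\Users\alice\AppData\payload.exe", "ws-17", "alice"),
    Event("h_payload", "connect", "203.0.113.7", "ws-17", "alice"),
    Event("h_editor", "write", r"C:\Users\alice\Documents\notes.txt", "ws-17", "alice"),
]

if __name__ == "__main__":
    print(transmit(process_events(SAMPLE_EVENTS)))
```

Two points the code makes concrete: the origin is found by walking the lineage to its root, so the payload's outbound connection is attributed to the browser session that started the chain, and a "medium" priority for a young, rarely seen, unverdicted binary is what lets the installer's file write surface before any verdict exists for it.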
Address: Broomfield CO US