摘要 |
A situational model representing of a state of a monitored device is described herein. The situational model is constructed with the security-relevant information in substantially real-time as execution activities of the monitored device associated with the security-relevant information are observed. The represented state may include a current state and a past state of the monitored device. Also, the situational model may be used to validate state information associated events occurring on the monitored device. Further, a remote security service may configure the monitored device, including configuring the situational model, and may build an additional situational model representing a state of a group of monitored devices. |