摘要 |
A security monitoring tool and method for a computer network receives data and determines whether the data is associated with a host already stored in a database. Based on the determination, the tool stores the data as a new host or associates it with an existing host. The tool also uses the received data to improve how previously stored data is associated with hosts. In one aspect, the tool determines whether the received data indicates that data currently associated with a stored host represents data for at least two hosts. If so, the tool splits the data into two hosts and associates the received data to the appropriate host. In another aspect, the tool determines whether the received data indicates that data currently associated with two or more hosts represent data for only one host. If so, the tool merges the data into one host and associates the received data with that host.
|