Passive software identification for vulnerability management

Disclosed herein are methods, systems, and processes to perform passive and realtime software identification and data collection for vulnerability management. Vulnerability management based on agent-collected event data involves monitoring a process start event associated with an application executi...

Full description

Saved in:
Bibliographic Details
Main Author Yeung, Sheung Hei Joseph
Format Patent
LanguageEnglish
Published 27.12.2022
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:Disclosed herein are methods, systems, and processes to perform passive and realtime software identification and data collection for vulnerability management. Vulnerability management based on agent-collected event data involves monitoring a process start event associated with an application executing on a computing device that is part of a network, identifying a binary location of the process start event, and based on the binary location, identifying a software type of the application and a version of the software type. Vulnerability management based on event data in logs involves monitoring the process start event for configuration or file changes, generating fingerprint rules by mapping the configuration or files changes and the process start event associated with a software installation or an upgrade of the software, and processing log data to fingerprint the software type and the version of the software type. Agent-collected event data and event data in logs can be amalgamated to perform software and version identification for vulnerability management.
Bibliography:Application Number: US202016861339