On-box active reconnaissance
A method of monitoring events in a network associated with a node. An agent collects event information associated with the monitored activities, based on a set of collection rules. A determination is made whether a portion of the collected event information complies or potentially complies with one...
Saved in:
| Main Authors | , |
|---|---|
| Format | Patent |
| Language | English |
| Published |
26.04.2011
|
| Online Access | Get full text |
Cover
Loading…
| Summary: | A method of monitoring events in a network associated with a node. An agent collects event information associated with the monitored activities, based on a set of collection rules. A determination is made whether a portion of the collected event information complies or potentially complies with one of a set of patterns. An agent selects event information from the collection based on the determination, and makes the selected event information available to a manager associated with the node and other nodes in the network. The agent manager receives event information from a plurality of agents. A triggering event is identified, as a function of the set of patterns, based on the event information. The agent manager sends at least one request to a selected set of the agents for additional event information when a triggering event is identified. |
|---|